CVE-2018-19442

Name of the Vulnerable Software and Affected Versions Neato Botvac Connected version 2.2.0

Description A buffer overflow issue exists in the Network::AuthenticationClient::VerifySignature function, allowing a remote attacker to execute arbitrary code with root privileges. This can be achieved by sending a crafted POST request to the "/vendors/neato/robots/[robot serial]/messages" API endpoint on the nucleo.neatocloud.com web site, specifically on port 4443.

Recommendations For Neato Botvac Connected version 2.2.0, consider restricting access to the "/vendors/neato/robots/[robot serial]/messages" API endpoint until a patch is available. As a temporary workaround, avoid using the VerifySignature function in the Network::AuthenticationClient module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.