PT-2020-8645 · Neato · Neatocrypto Library, Neato Botvac Connected

Published: 2020-01-27 · Updated: 2020-02-05 · CVE-2018-19441

CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Neato Botvac Connected version 2.2.0
Description: An issue was discovered in the Neato Botvac Connected. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for the robot secret key values used for local and cloud authentication/authorization. An attacker who knows the serial number and can estimate the time of the robot's first provisioning can brute-force the generated secret key, because the entropy of the secret key relies exclusively on these two values: the random generator is not seeded, and several constant inputs are used in the secret key computation. Serial numbers are printed on the packaging and are equal to the robot's MAC address.
Recommendations: For Neato Botvac Connected version 2.2.0, consider disabling the GenerateRobotPassword function until a patch is available. Restrict access to the NeatoCrypto library to reduce the risk of exploitation, and avoid using secret key values generated by GenerateRobotPassword for authentication/authorization until the issue is resolved. At the time of writing, there is no information about a newer version containing a fix for this vulnerability.
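The weakness class described above, as an added illustration that is not the NeatoCrypto code or Neato's own algorithm: a key derivation whose "random" contribution comes from a generator left at its default seed collapses to a function of the public serial number and the provisioning time, while a key drawn from the OS CSPRNG does not. The function names, the constant input and the MAC-style serial are hypothetical stand-ins; the audit helper shows the check a reviewer would run on such a generator.

```python
import hashlib
import random
import secrets

# Hypothetical constant mixed into the key, standing in for the "several constant
# inputs" the advisory mentions. Constants add no entropy.
CONSTANT_INPUT = b"hypothetical-device-class-string"


def weak_generate_robot_password(serial: str, provisioning_time: int) -> bytes:
    """Illustrative weak derivation (not NeatoCrypto): fully determined by public inputs.

    random.Random(1) stands in for a libc-style generator that was never seeded, so
    its stream is identical on every device. The only varying inputs are the serial
    (printed on the box) and the provisioning timestamp, which an attacker can estimate.
    """
    prng = random.Random(1)  # unseeded generator: same stream on every run and device
    prng_bytes = prng.getrandbits(128).to_bytes(16, "big")
    material = (
        serial.encode()
        + provisioning_time.to_bytes(8, "big")
        + prng_bytes
        + CONSTANT_INPUT
    )
    return hashlib.sha256(material).digest()


def fixed_generate_robot_password() -> bytes:
    """Hardened form: the whole key comes from the OS CSPRNG; no public input contributes."""
    return secrets.token_bytes(32)


def is_reproducible(generate, *args, trials: int = 3) -> bool:
    """Audit check: does the generator return the same secret for the same inputs?

    A generator of authentication secrets must return False here; True means the
    secret's entropy is bounded by whatever an attacker knows about the inputs.
    """
    first = generate(*args)
    return all(generate(*args) == first for _ in range(1, trials))


if __name__ == "__main__":
    # Constructed sample inputs: a MAC-style serial and a fixed provisioning timestamp.
    serial, t0 = "00:11:22:33:44:55", 1_500_000_000
    print("weak generator reproducible:", is_reproducible(weak_generate_robot_password, serial, t0))
    print("fixed generator reproducible:", is_reproducible(fixed_generate_robot_password))
```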

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

CVE-2018-19441

Affected Products

Neato Botvac Connected
Neatocrypto Library