Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Neato Robotics Neato Botvac Connected 安全特征问题漏洞
Vulnerability Description
Neato Robotics Neato Botvac Connected是美国Neato Robotics公司的一款清洁机器人。 Neato Botvac Connected v2.2.0版本中NeatoCrypto库的‘GenerateRobotPassword’函数存在安全特征问题漏洞。该漏洞是源于网络系统或产品中缺少身份验证、访问控制、权限管理等安全措施。
CVSS Information
N/A
Vulnerability Type
N/A