CVE-2018-18638

Published: 2018-10-24T22:29Z

Last Modified: 2024-11-21T03:56Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt