CVE-2018-19441

CVSS v3 Score: 4.7 (Medium)
CVSS v2 Score: 1.9 (Low)

Vulnerability Description

An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for the robot secret_key values used for local and cloud authentication and authorization. The random generator is never seeded and several of the inputs to the secret_key computation are constants, so the entropy of the secret_key depends exclusively on two values: the robot's serial number and the time of its first provisioning. An attacker who knows the serial number and can estimate when the robot was first provisioned can therefore brute force the generated secret_key. Serial numbers are printed on the packaging and are equal to the robot's MAC address, which is also observable on the local network.
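The following is an added illustration, not code from the advisory or from the NeatoCrypto library, whose internals are not reproduced on this page. It models the weakness described above: a secret_key derived from constant inputs plus the serial number and the provisioning time (the unseeded generator contributes a fixed value, modelled here with glibc's first unseeded rand() output), an assumed local-auth scheme in which requests carry an HMAC made with secret_key, and the offline brute force that recovers the key from one captured request once the serial is known and the provisioning time is estimated to within a day. The salt constant, serial, timestamp and request are constructed values. The hardened generator beside it draws the key from the OS CSPRNG, so the same search finds nothing.

```python
"""Model of CVE-2018-19441: a robot secret_key whose only varying inputs are the
serial number and the provisioning time, and the brute force that recovers it.
Constructed illustration; the real NeatoCrypto code is not shown on the page."""
import hashlib
import hmac
import secrets
from typing import Optional

# Stand-in for the "several constant inputs" the advisory mentions (assumed value).
CONSTANT_SALT = b"robot-password-constant"
# glibc rand() returns 1804289383 first when srand() was never called; it models an
# unseeded generator that contributes a fixed value instead of entropy.
UNSEEDED_RAND = 1804289383


def weak_generate_robot_password(serial: str, provision_time: int) -> bytes:
    """Vulnerable pattern: every input is constant, printed on the box, or guessable."""
    material = (
        CONSTANT_SALT
        + serial.encode()
        + provision_time.to_bytes(4, "big")   # epoch seconds of first provisioning
        + UNSEEDED_RAND.to_bytes(4, "big")    # "random" but identical on every robot
    )
    return hashlib.sha256(material).digest()


def strong_generate_robot_password() -> bytes:
    """Fixed pattern: 256 bits from the OS CSPRNG; serial and time play no role."""
    return secrets.token_bytes(32)


def local_auth_tag(secret_key: bytes, message: bytes) -> bytes:
    """Assumed local-auth scheme: an HMAC over the request made with secret_key.
    A single captured (message, tag) pair lets candidate keys be tested offline."""
    return hmac.new(secret_key, message, hashlib.sha256).digest()


def brute_force_secret_key(serial: str, estimated_time: int, window: int,
                           captured_msg: bytes, captured_tag: bytes) -> Optional[int]:
    """Try every provisioning second within +/- window of the estimate.
    Returns the provisioning time that reproduces the captured tag (and therefore
    the secret_key), or None if no candidate in the window matches."""
    for t in range(estimated_time - window, estimated_time + window + 1):
        candidate = weak_generate_robot_password(serial, t)
        if hmac.compare_digest(local_auth_tag(candidate, captured_msg), captured_tag):
            return t
    return None


def demo(window: int = 86_400) -> dict:
    """Run the attack against the weak and the hardened generator."""
    serial = "00:11:22:33:44:55"   # constructed; the serial equals the MAC on the box
    true_time = 1_541_000_000       # constructed provisioning instant (epoch seconds)
    estimate = true_time + 3_000    # attacker's guess is off by 50 minutes
    msg = b"GET /robot/state"       # constructed captured local request

    weak_key = weak_generate_robot_password(serial, true_time)
    recovered = brute_force_secret_key(serial, estimate, window, msg,
                                       local_auth_tag(weak_key, msg))

    strong_key = strong_generate_robot_password()
    missed = brute_force_secret_key(serial, estimate, window, msg,
                                    local_auth_tag(strong_key, msg))

    return {
        "candidates_in_window": 2 * window + 1,
        "weak_recovered_time": recovered,
        "weak_key_matches": recovered is not None
        and weak_generate_robot_password(serial, recovered) == weak_key,
        "strong_key_found": missed is not None,
    }


if __name__ == "__main__":
    print(demo())
```

With a one-day window the search covers 172,801 candidates and completes in seconds on a laptop; widening the estimate to a month still costs only a few million hashes, which is why estimating the provisioning date is enough. The fix is not a better mix of the same inputs but a key that does not depend on them at all.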
