Vulnerability in NeatOS and Pulse Agent Could Affect Content Sharing 

Last updated on April 24th, 2024   

At Neat, we make an effort to continuously assess the security of our products and services. When issues or vulnerabilities are discovered, we quickly work to resolve any issues and communicate this to our customers and partners.  

Vulnerability Details 

We want to inform you about a recent discovery made by our internal security and development teams. We have identified a vulnerability that affects Neat devices running NeatOS 24.1.0 to 24.2.0 with Pulse Agent 0.8.43 and 0.9.24. It is conceivable that a skilled threat actor with local area network access could devise a method to display content from an unauthenticated source to a Neat device that is pre-configured to automatically share content via HDMI. While the likelihood of this occurring is extremely low, it remains a theoretical possibility. The vulnerability can also lead to a Neat device displaying a black screen when the device is undergoing a network port scan. 

Resolution 

Upgrade the Neat Pulse Agent to version 0.9.25 or higher.

Neat released Pulse Agent version 0.9.25 on April 22nd, 2024 and as long as your device is set to automatic upgrade, you should already have this version running on your device.  

Additional Support 

We encourage you to visit our support website (https://support.neat.no) for updates regarding this notification as well as any future potential security incidents. If you encounter an issue with your Neat device, please email: support@neat.no and one of our technical support engineers will reach out to you. 

Note: Neat provides support on Neat devices running current released software or running software from the previous release. For more information on our support policy, please see the article Neat’s technical support policy. 

Neat Vulnerability Disclosure Notice: https://support.neat.no/article/security-vulnerability-reporting-policy-at-neat/ 

Neat Privacy Notice: https://neat.no/privacy-policy/