Vulnerabilites related to ecovacs - deebot_t10
CVE-2024-52331 (GCVE-0-2024-52331)
Vulnerability from cvelistv5
Published
2025-01-23 16:37
Modified
2025-02-12 20:41
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.7 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.7 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
ECOVACS | Unspecified robots |
Version: * |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52331", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:55:20.382490Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T20:41:28.822Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Unspecified robots", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] } ], "datePublic": "2023-12-27T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" }, { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-1391", "description": "CWE-1391 Use of Weak Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:37:31.290Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html" }, { "name": "url", "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" } ], "title": "ECOVACS lawnmowers and vacuums deterministic firmware encryption key" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2024-52331", "datePublished": "2025-01-23T16:37:31.290Z", "dateReserved": "2024-11-08T01:06:02.405Z", "dateUpdated": "2025-02-12T20:41:28.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30200 (GCVE-0-2025-30200)
Vulnerability from cvelistv5
Published
2025-09-05 17:43
Modified
2025-09-08 18:22
Severity ?
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2.3 (Low) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2.3 (Low) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ECOVACS | DEEBOT X1 Series |
Version: * |
||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30200", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T18:22:11.344266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T18:22:21.457Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "DEEBOT X1 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T20 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T10 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T30 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] } ], "credits": [ { "lang": "en", "value": "Dennis Giese, undefined" }, { "lang": "en", "value": "Braelynn Luedtke, undefined" }, { "lang": "en", "value": "Chris Anderson, undefined" } ], "datePublic": "2025-07-09T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 2.3, "baseSeverity": "LOW", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW" } }, { "other": { "content": { "id": "CVE-2025-30200", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T18:11:07.109909Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-08T18:11:26.081Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19" }, { "name": "url", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json" }, { "name": "url", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30200" } ], "title": "ECOVACS Vacuum and Base Station Hard-Coded AES Encryption" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2025-30200", "datePublished": "2025-09-05T17:43:20.802Z", "dateReserved": "2025-03-18T15:53:26.926Z", "dateUpdated": "2025-09-08T18:22:21.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12079 (GCVE-0-2024-12079)
Vulnerability from cvelistv5
Published
2025-01-23 16:39
Modified
2025-02-12 17:12
Severity ?
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
ECOVACS | Unspecified robots |
Version: * |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12079", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:54:04.223721Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T17:12:21.831Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Unspecified robots", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] } ], "datePublic": "2023-12-27T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism." } ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:39:06.903Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" } ], "title": "ECOVACS lawnmowers cleartext storage of anti-theft PIN" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2024-12079", "datePublished": "2025-01-23T16:39:06.903Z", "dateReserved": "2024-12-03T00:26:02.380Z", "dateUpdated": "2025-02-12T17:12:21.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-11147 (GCVE-0-2024-11147)
Vulnerability from cvelistv5
Published
2025-01-23 16:37
Modified
2025-02-12 17:07
Severity ?
7.6 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.0 (High) - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.0 (High) - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
ECOVACS | Unspecified robots |
Version: * |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-11147", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:54:55.367221Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T17:07:28.749Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Unspecified robots", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] } ], "datePublic": "2023-12-27T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:37:54.479Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" }, { "name": "url", "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" }, { "name": "url", "url": "https://builder.dontvacuum.me/ecopassword.php" } ], "title": "ECOVACS lawnmowers and vacuums deterministic root password" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2024-11147", "datePublished": "2025-01-23T16:37:54.479Z", "dateReserved": "2024-11-12T15:39:13.966Z", "dateUpdated": "2025-02-12T17:07:28.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12078 (GCVE-0-2024-12078)
Vulnerability from cvelistv5
Published
2025-01-23 16:38
Modified
2025-02-12 17:11
Severity ?
5.3 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Summary
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
ECOVACS | Unspecified robots |
Version: * |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12078", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:54:13.718772Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T17:11:14.933Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Unspecified robots", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] } ], "datePublic": "2023-12-27T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key." } ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:38:48.017Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" }, { "name": "url", "url": "https://youtu.be/_wUsM0Mlenc?t=2041" } ], "title": "ECOVACS lawnmowers and vacuums static BLE GATT encryption key" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2024-12078", "datePublished": "2025-01-23T16:38:48.017Z", "dateReserved": "2024-12-02T23:55:12.974Z", "dateUpdated": "2025-02-12T17:11:14.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-52330 (GCVE-0-2024-52330)
Vulnerability from cvelistv5
Published
2025-01-23 16:36
Modified
2025-02-12 20:41
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
9.5 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H
9.5 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ECOVACS | DEEBOT X5 PRO PLUS |
Version: 0 < 1.38.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52330", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:56:31.855219Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T20:41:28.969Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "DEEBOT X5 PRO PLUS", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.38.0" }, { "lessThan": "1.38.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X5 PRO", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.70.0" }, { "lessThan": "1.70.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X2S", "vendor": "ECOVACS", "versions": [ { "lessThan": "1.49.0", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "1.49.0" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X2 OMNI", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.76.6" }, { "lessThan": "1.76.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X1 TURBO", "vendor": "ECOVACS", "versions": [ { "lessThan": "2.4.41", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "2.4.41" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X1", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.7.3" }, { "lessThan": "1.7.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X1S PRO", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "2.5.31" }, { "lessThan": "2.5.31", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X1e OMNI", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "2.4.42" }, { "lessThan": "2.4.42", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T10 PLUS", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.7.5" }, { "lessThan": "1.7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T10 OMNI", "vendor": "ECOVACS", "versions": [ { "lessThan": "1.9.0", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "1.9.0" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X5 PRO ULTRA", "vendor": "ECOVACS", "versions": [ { "lessThan": "1.17.0", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "1.17.0" } ] }, { "defaultStatus": "unknown", "product": "Mate X", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.44.18" }, { "lessThan": "1.44.18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X2 PRO", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.76.6" }, { "lessThan": "1.76.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X2 COMBO", "vendor": "ECOVACS", "versions": [ { "lessThan": "1.81.10", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "1.81.10" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X1 OMNI", "vendor": "ECOVACS", "versions": [ { "lessThan": "2.4.41", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "2.4.41" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X1 PRO OMNI", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "2.4.41" }, { "lessThan": "2.4.41", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X1 PLUS", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.7.3" }, { "lessThan": "1.7.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT X1S PRO PLUS", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.23.0" }, { "lessThan": "1.23.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T10 TURBO", "vendor": "ECOVACS", "versions": [ { "status": "unaffected", "version": "1.10.0" }, { "lessThan": "1.10.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T10", "vendor": "ECOVACS", "versions": [ { "lessThan": "1.7.5", "status": "affected", "version": "0", "versionType": "custom" }, { "status": "unaffected", "version": "1.7.5" } ] } ], "datePublic": "2023-12-27T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS" }, { "cvssV4_0": { "baseScore": 9.5, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H", "version": "4.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:36:50.128Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" }, { "name": "url", "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" }, { "name": "url", "url": "https://www.ecovacs.com/global/userhelp/dsa20241217001" } ], "title": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2024-52330", "datePublished": "2025-01-23T16:36:50.128Z", "dateReserved": "2024-11-08T01:06:02.405Z", "dateUpdated": "2025-02-12T20:41:28.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-52328 (GCVE-0-2024-52328)
Vulnerability from cvelistv5
Published
2025-01-23 16:35
Modified
2025-02-12 20:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
ECOVACS | Unspecified robots |
Version: * |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-52328", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:56:59.738808Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T20:41:29.266Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Unspecified robots", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] } ], "datePublic": "2023-12-27T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on." } ], "metrics": [ { "cvssV4_0": { "baseScore": 1.8, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N", "version": "4.0" }, "format": "CVSS" }, { "cvssV3_1": { "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:35:23.197Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" }, { "name": "url", "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" } ], "title": "ECOVACS lawnmowers and vacuums insecurely store audio warning files" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2024-52328", "datePublished": "2025-01-23T16:35:23.197Z", "dateReserved": "2024-11-08T01:06:02.404Z", "dateUpdated": "2025-02-12T20:41:29.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30198 (GCVE-0-2025-30198)
Vulnerability from cvelistv5
Published
2025-09-05 17:45
Modified
2025-09-08 18:20
Severity ?
6.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2.3 (Low) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2.3 (Low) - CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
Summary
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ECOVACS | DEEBOT X1 Series |
Version: * |
||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30198", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T18:20:11.799443Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T18:20:26.088Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "DEEBOT X1 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T20 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T10 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T30 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] } ], "credits": [ { "lang": "en", "value": "Dennis Giese, undefined" }, { "lang": "en", "value": "Braelynn Luedtke, undefined" }, { "lang": "en", "value": "Chris Anderson, undefined" } ], "datePublic": "2025-07-09T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 2.3, "baseSeverity": "LOW", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW" } }, { "other": { "content": { "id": "CVE-2025-30198", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T18:08:40.565084Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-08T18:09:16.263Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19" }, { "name": "url", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json" }, { "name": "url", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30198" } ], "title": "ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2025-30198", "datePublished": "2025-09-05T17:45:36.945Z", "dateReserved": "2025-03-18T15:52:43.925Z", "dateUpdated": "2025-09-08T18:20:26.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-30199 (GCVE-0-2025-30199)
Vulnerability from cvelistv5
Published
2025-09-05 17:45
Modified
2025-09-08 18:21
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-494 - Download of Code Without Integrity Check
Summary
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | ECOVACS | DEEBOT X1 Series |
Version: * |
||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30199", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T18:20:48.723390Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-08T18:21:06.626Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "DEEBOT X1 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T20 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T10 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] }, { "defaultStatus": "unknown", "product": "DEEBOT T30 Series", "vendor": "ECOVACS", "versions": [ { "status": "affected", "version": "*" } ] } ], "credits": [ { "lang": "en", "value": "Dennis Giese, undefined" }, { "lang": "en", "value": "Braelynn Luedtke, undefined" }, { "lang": "en", "value": "Chris Anderson, undefined" } ], "datePublic": "2025-07-09T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.5, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" } }, { "other": { "content": { "id": "CVE-2025-30199", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-09-08T18:09:57.869806Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-09-08T18:10:36.047Z", "orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg" }, "references": [ { "name": "url", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19" }, { "name": "url", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json" }, { "name": "url", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30199" } ], "title": "ECOVACS Vacuum and Base Station accept unsigned firmware" } }, "cveMetadata": { "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "assignerShortName": "cisa-cg", "cveId": "CVE-2025-30199", "datePublished": "2025-09-05T17:45:07.227Z", "dateReserved": "2025-03-18T15:53:08.738Z", "dateUpdated": "2025-09-08T18:21:06.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2025-01-23 17:15
Modified
2025-09-23 17:46
Severity ?
Summary
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
References
▼ | URL | Tags | |
---|---|---|---|
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf | Exploit, Third Party Advisory | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5004D440-E3EE-4252-831B-7396887BA117", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C4E3255-6E5D-46FC-8DE0-462788F1B4FD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACB3D3DB-AFB6-4B36-B86D-358BE11FAE3E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED77EFA6-576C-411A-91D2-22C962C30C94", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC59B209-998B-43A6-875D-364844CA37C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA30BA8-4069-4525-A843-E88EFDC720DF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "43C72C62-49C3-49BE-A9F1-3572DA18647C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A663879-36BF-433D-9D7A-B62D65A5C6C9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D16EB997-ADC3-45AA-8E92-6F1371E85A35", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*", "matchCriteriaId": "D63E5FF5-9A27-4674-B573-6929CAB3BB01", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7060D3C-5F7C-4324-987D-C6EB4204CC47", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCC67BB7-0E4A-47FA-A04D-41837A18E103", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7422285-BB34-4D85-A4A4-ADD006401FE7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5248299-76EB-41DB-A036-5685F20D2A18", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DA0B484-221F-4E67-927F-DBCBBC1F6448", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1DE7CE5-6D8F-478B-AA9A-274AA74270AE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*", "matchCriteriaId": "48123BA8-E8D5-4AEF-A4CF-8136AFA400F4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B39C403-6D28-41E3-A2D0-79473D6B9733", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FD5AC03-3EF9-485F-B17A-E6D9D759A844", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1AA1C6D-E86C-46B6-AA32-FB9B34D60F1D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*", "matchCriteriaId": "75B2D398-870D-408F-817D-FDEE8C93D683", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE2F668D-DD5C-4E70-A677-5029C25AB65E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*", "matchCriteriaId": "28431C96-C4CF-4029-BBD0-1B364C406D86", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA924895-0CE8-453A-98E0-0942AA33BECE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*", "matchCriteriaId": "C193E51C-F9DD-43FD-913D-742513E63C61", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E42AEAD-D52A-45E6-97FE-A6C8FE5C59BC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5752722-3EC7-401D-A114-ACA4662890BA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot." }, { "lang": "es", "value": "Los robots cortac\u00e9sped y aspiradores ECOVACS utilizan una clave sim\u00e9trica determinista para descifrar las actualizaciones de firmware. Un atacante puede crear y cifrar un firmware malicioso que el robot descifrar\u00e1 e instalar\u00e1 con \u00e9xito." } ], "id": "CVE-2024-52331", "lastModified": "2025-09-23T17:46:12.860", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-01-23T17:15:14.563", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-494" }, { "lang": "en", "value": "CWE-1391" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-09-05 18:15
Modified
2025-09-23 17:11
Severity ?
Summary
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
References
▼ | URL | Tags | |
---|---|---|---|
9119a7d8-5eab-497f-8521-727c672e3725 | https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json | Third Party Advisory | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19 | Third Party Advisory, US Government Resource | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://www.cve.org/CVERecord?id=CVE-2025-30199 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC05115A-88CE-44C9-B53A-E5B0F3AEF061", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5BD12C9-8159-480E-8F8D-34675B987912", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "003B54E0-B2FF-485A-9A55-925609EE8DF1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3631308-6EFE-4368-AD5F-443706623DFB", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "91E23E30-45BE-4142-8E9C-032282F3B6A6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "476156B2-527A-4536-A028-F2C882BF48C1", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80157CEF-397B-45ED-A1A3-AABD4E0E2170", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_turbo:-:*:*:*:*:*:*:*", "matchCriteriaId": "65F69609-1D21-461A-9457-A745194759CD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "476156B2-527A-4536-A028-F2C882BF48C1", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DEFD6A2-1283-4631-9AE3-9347ACAE9568", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "84565C28-CE48-4008-83BA-4132CA50EE03", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "11395F70-87C2-41DD-9D9A-CFA8D0512ECE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DCA4CF1-6C07-4EA5-A54C-D5C84FAB752A", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CBAA124-1B4C-4E75-80E1-A747AC9183E1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F736710C-7AFE-4D52-A353-E8D42ECCEC54", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_turbo:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DEFE0B-99F7-49DF-96E3-69B6FC1EF262", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69792E89-A3F2-4545-AAD9-25FEB81EDB58", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "6938C0BF-F53B-4F93-A8E9-5FEC280DA477", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_pro_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "918AF480-BDB5-4925-B9FE-EED491983152", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_pro_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA4D16A6-A8B8-44C5-9FDC-CD05069F2FFA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "643E2424-6282-47EA-BC6B-B5C058942538", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3E5F4E4-30FE-4E76-8BA2-CEEBC81DA4E6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t30_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EADCF051-0A70-4314-9118-18B38C5C7F93", "versionEndExcluding": "1.100.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t30_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B4D1A83-F00F-4F66-88DF-67C9FD036016", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t30s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE558FD-B245-4B1A-82BA-04F80DB518AF", "versionEndExcluding": "1.100.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t30s:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAC6EDB9-24EE-4113-B3D6-90CA18590BA9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station." } ], "id": "CVE-2025-30199", "lastModified": "2025-09-23T17:11:48.730", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-09-05T18:15:39.553", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory" ], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory" ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-30199" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-494" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-09-05 18:15
Modified
2025-09-23 17:12
Severity ?
Summary
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
References
▼ | URL | Tags | |
---|---|---|---|
9119a7d8-5eab-497f-8521-727c672e3725 | https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json | Third Party Advisory | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19 | Third Party Advisory, US Government Resource | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://www.cve.org/CVERecord?id=CVE-2025-30200 | Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC05115A-88CE-44C9-B53A-E5B0F3AEF061", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5BD12C9-8159-480E-8F8D-34675B987912", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "003B54E0-B2FF-485A-9A55-925609EE8DF1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3631308-6EFE-4368-AD5F-443706623DFB", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "91E23E30-45BE-4142-8E9C-032282F3B6A6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "476156B2-527A-4536-A028-F2C882BF48C1", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80157CEF-397B-45ED-A1A3-AABD4E0E2170", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_turbo:-:*:*:*:*:*:*:*", "matchCriteriaId": "65F69609-1D21-461A-9457-A745194759CD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "476156B2-527A-4536-A028-F2C882BF48C1", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DEFD6A2-1283-4631-9AE3-9347ACAE9568", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "84565C28-CE48-4008-83BA-4132CA50EE03", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "11395F70-87C2-41DD-9D9A-CFA8D0512ECE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DCA4CF1-6C07-4EA5-A54C-D5C84FAB752A", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CBAA124-1B4C-4E75-80E1-A747AC9183E1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F736710C-7AFE-4D52-A353-E8D42ECCEC54", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_turbo:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DEFE0B-99F7-49DF-96E3-69B6FC1EF262", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69792E89-A3F2-4545-AAD9-25FEB81EDB58", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "6938C0BF-F53B-4F93-A8E9-5FEC280DA477", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_pro_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "918AF480-BDB5-4925-B9FE-EED491983152", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_pro_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA4D16A6-A8B8-44C5-9FDC-CD05069F2FFA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "643E2424-6282-47EA-BC6B-B5C058942538", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3E5F4E4-30FE-4E76-8BA2-CEEBC81DA4E6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t30_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EADCF051-0A70-4314-9118-18B38C5C7F93", "versionEndExcluding": "1.100.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t30_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B4D1A83-F00F-4F66-88DF-67C9FD036016", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t30s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE558FD-B245-4B1A-82BA-04F80DB518AF", "versionEndExcluding": "1.100.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t30s:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAC6EDB9-24EE-4113-B3D6-90CA18590BA9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived." } ], "id": "CVE-2025-30200", "lastModified": "2025-09-23T17:12:03.670", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-09-05T18:15:39.727", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory" ], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory" ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-30200" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-321" }, { "lang": "en", "value": "CWE-798" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-23 17:15
Modified
2025-09-23 17:48
Severity ?
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
References
▼ | URL | Tags | |
---|---|---|---|
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf | Exploit, Third Party Advisory | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf | Exploit, Third Party Advisory | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://www.ecovacs.com/global/userhelp/dsa20241217001 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFBAD9FC-1343-4D07-99E6-9E7C3D77C694", "versionEndExcluding": "1.76.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "9BD94283-0BC1-4C7C-A5F3-9D57E44B4C64", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2_combo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAF98AFD-C399-4AB8-A637-29561F39F134", "versionEndExcluding": "1.81.10", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2_combo:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C12633C-1BD2-4BF6-BF11-FC05221B93EB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "969D4A03-B499-4218-BF07-22E51654AA6C", "versionEndExcluding": "1.49.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "11AA1D51-EE29-4252-A739-1F1D4A3F428D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x5_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B819C9B-F143-4A63-825C-B1DF1DCB16B7", "versionEndExcluding": "1.70.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x5_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "64AB781B-CB28-4229-A74D-8CDD325EFAC3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x5_pro_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F61F40B-6031-4C32-9571-B92C3377EFB2", "versionEndExcluding": "1.38.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x5_pro_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFE49BE7-59E8-4447-B78B-4FEDF4F773CD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x5_pro_ultra_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C4821F3-3B7D-4035-980F-C11713C5D424", "versionEndExcluding": "1.17.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x5_pro_ultra:-:*:*:*:*:*:*:*", "matchCriteriaId": "8504979A-A4F0-4A03-8816-E9AB3BD6F40B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:mate_x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C4EC5E7-04E3-497C-ACD9-2479C48A2FC4", "versionEndExcluding": "1.44.18", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:mate_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "706F2C75-0E75-487B-BA24-EB824E6BC16B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F75A470-5B86-41C6-86E2-232656AF68F9", "versionEndExcluding": "2.4.41", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "91E23E30-45BE-4142-8E9C-032282F3B6A6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F868AC3-7B87-44E5-A7B0-F2C85DCA7E7C", "versionEndExcluding": "2.4.41", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_turbo:-:*:*:*:*:*:*:*", "matchCriteriaId": "65F69609-1D21-461A-9457-A745194759CD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B044584-55B4-4E88-99C9-9A48D9B4E908", "versionEndExcluding": "2.4.41", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "003B54E0-B2FF-485A-9A55-925609EE8DF1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE87B2E-A1B1-438E-9482-E8466647050B", "versionEndExcluding": "1.7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DA0B484-221F-4E67-927F-DBCBBC1F6448", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC2AA81-5895-43EE-8B34-D8074DDD301F", "versionEndExcluding": "1.7.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5586D60-D87F-45A1-8619-F6CC12AD9731", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "849A58E5-2700-49F4-BF60-C35E97689AE1", "versionEndExcluding": "2.5.31", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7526B614-1962-490C-8972-2A275A471A86", "versionEndExcluding": "1.23.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "4612A790-C3CC-40AA-8E31-2C2918C6AB6C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1e_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "67C721A5-53B6-4B15-A76C-481EF4C45147", "versionEndExcluding": "2.4.42", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1e_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "16705AA3-4CAE-4BF5-8084-6A6CB30A1E8C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "454C233D-82D5-4B99-AC3A-94B1CF23F078", "versionEndExcluding": "1.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_turbo:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DEFE0B-99F7-49DF-96E3-69B6FC1EF262", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79E44970-1ADF-4170-A09A-F64F02E27C64", "versionEndExcluding": "1.7.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CBAA124-1B4C-4E75-80E1-A747AC9183E1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA98740-BA9B-4479-B92F-F76B1234D2FE", "versionEndExcluding": "1.7.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B843C490-26E9-4D03-8BCB-DBC462833D12", "versionEndExcluding": "1.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "11395F70-87C2-41DD-9D9A-CFA8D0512ECE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3F737D6-74BD-47F8-88B7-045E8B280E46", "versionEndExcluding": "1.76.6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "C98FE3FD-E432-4DD7-AF87-6FBA4C4ABC45", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates." }, { "lang": "es", "value": "Las cortadoras de c\u00e9sped y las aspiradoras ECOVACS no validan correctamente los certificados TLS. Un atacante no autenticado puede leer o modificar el tr\u00e1fico TLS, posiblemente modificando las actualizaciones de firmware." } ], "id": "CVE-2024-52330", "lastModified": "2025-09-23T17:48:33.127", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.5, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-01-23T17:15:14.427", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Vendor Advisory" ], "url": "https://www.ecovacs.com/global/userhelp/dsa20241217001" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-23 17:15
Modified
2025-09-23 17:45
Severity ?
Summary
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
References
▼ | URL | Tags | |
---|---|---|---|
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5004D440-E3EE-4252-831B-7396887BA117", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C4E3255-6E5D-46FC-8DE0-462788F1B4FD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACB3D3DB-AFB6-4B36-B86D-358BE11FAE3E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED77EFA6-576C-411A-91D2-22C962C30C94", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC59B209-998B-43A6-875D-364844CA37C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA30BA8-4069-4525-A843-E88EFDC720DF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "43C72C62-49C3-49BE-A9F1-3572DA18647C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A663879-36BF-433D-9D7A-B62D65A5C6C9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D16EB997-ADC3-45AA-8E92-6F1371E85A35", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*", "matchCriteriaId": "D63E5FF5-9A27-4674-B573-6929CAB3BB01", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7060D3C-5F7C-4324-987D-C6EB4204CC47", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCC67BB7-0E4A-47FA-A04D-41837A18E103", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7422285-BB34-4D85-A4A4-ADD006401FE7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5248299-76EB-41DB-A036-5685F20D2A18", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DA0B484-221F-4E67-927F-DBCBBC1F6448", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1DE7CE5-6D8F-478B-AA9A-274AA74270AE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*", "matchCriteriaId": "48123BA8-E8D5-4AEF-A4CF-8136AFA400F4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B39C403-6D28-41E3-A2D0-79473D6B9733", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FD5AC03-3EF9-485F-B17A-E6D9D759A844", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1AA1C6D-E86C-46B6-AA32-FB9B34D60F1D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*", "matchCriteriaId": "75B2D398-870D-408F-817D-FDEE8C93D683", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE2F668D-DD5C-4E70-A677-5029C25AB65E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*", "matchCriteriaId": "28431C96-C4CF-4029-BBD0-1B364C406D86", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA924895-0CE8-453A-98E0-0942AA33BECE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*", "matchCriteriaId": "C193E51C-F9DD-43FD-913D-742513E63C61", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E42AEAD-D52A-45E6-97FE-A6C8FE5C59BC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5752722-3EC7-401D-A114-ACA4662890BA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism." }, { "lang": "es", "value": "Los robots cortac\u00e9sped ECOVACS almacenan el PIN antirrobo en texto plano en el sistema de archivos del dispositivo. Un atacante puede robar un cortac\u00e9sped, leer el PIN y restablecer el mecanismo antirrobo." } ], "id": "CVE-2024-12079", "lastModified": "2025-09-23T17:45:43.313", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-01-23T17:15:13.187", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-23 17:15
Modified
2025-09-23 17:44
Severity ?
Summary
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
References
▼ | URL | Tags | |
---|---|---|---|
9119a7d8-5eab-497f-8521-727c672e3725 | https://builder.dontvacuum.me/ecopassword.php | Product | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf | Exploit, Third Party Advisory | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5004D440-E3EE-4252-831B-7396887BA117", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C4E3255-6E5D-46FC-8DE0-462788F1B4FD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACB3D3DB-AFB6-4B36-B86D-358BE11FAE3E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED77EFA6-576C-411A-91D2-22C962C30C94", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC59B209-998B-43A6-875D-364844CA37C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA30BA8-4069-4525-A843-E88EFDC720DF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "43C72C62-49C3-49BE-A9F1-3572DA18647C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A663879-36BF-433D-9D7A-B62D65A5C6C9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D16EB997-ADC3-45AA-8E92-6F1371E85A35", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*", "matchCriteriaId": "D63E5FF5-9A27-4674-B573-6929CAB3BB01", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7060D3C-5F7C-4324-987D-C6EB4204CC47", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCC67BB7-0E4A-47FA-A04D-41837A18E103", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7422285-BB34-4D85-A4A4-ADD006401FE7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5248299-76EB-41DB-A036-5685F20D2A18", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DA0B484-221F-4E67-927F-DBCBBC1F6448", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1DE7CE5-6D8F-478B-AA9A-274AA74270AE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*", "matchCriteriaId": "48123BA8-E8D5-4AEF-A4CF-8136AFA400F4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B39C403-6D28-41E3-A2D0-79473D6B9733", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FD5AC03-3EF9-485F-B17A-E6D9D759A844", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1AA1C6D-E86C-46B6-AA32-FB9B34D60F1D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*", "matchCriteriaId": "75B2D398-870D-408F-817D-FDEE8C93D683", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE2F668D-DD5C-4E70-A677-5029C25AB65E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*", "matchCriteriaId": "28431C96-C4CF-4029-BBD0-1B364C406D86", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA924895-0CE8-453A-98E0-0942AA33BECE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*", "matchCriteriaId": "C193E51C-F9DD-43FD-913D-742513E63C61", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E42AEAD-D52A-45E6-97FE-A6C8FE5C59BC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5752722-3EC7-401D-A114-ACA4662890BA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root." }, { "lang": "es", "value": "Los robots cortac\u00e9sped y aspiradores ECOVACS utilizan una contrase\u00f1a ra\u00edz determinista generada en funci\u00f3n del modelo y el n\u00famero de serie. Un atacante con acceso de shell puede iniciar sesi\u00f3n como superusuario." } ], "id": "CVE-2024-11147", "lastModified": "2025-09-23T17:44:13.273", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-01-23T17:15:12.860", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Product" ], "url": "https://builder.dontvacuum.me/ecopassword.php" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-23 17:15
Modified
2025-09-23 17:45
Severity ?
Summary
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
References
▼ | URL | Tags | |
---|---|---|---|
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf | Exploit, Third Party Advisory | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://youtu.be/_wUsM0Mlenc?t=2041 | Exploit |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7060D3C-5F7C-4324-987D-C6EB4204CC47", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCC67BB7-0E4A-47FA-A04D-41837A18E103", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7422285-BB34-4D85-A4A4-ADD006401FE7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5248299-76EB-41DB-A036-5685F20D2A18", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DA0B484-221F-4E67-927F-DBCBBC1F6448", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1DE7CE5-6D8F-478B-AA9A-274AA74270AE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*", "matchCriteriaId": "48123BA8-E8D5-4AEF-A4CF-8136AFA400F4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B39C403-6D28-41E3-A2D0-79473D6B9733", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FD5AC03-3EF9-485F-B17A-E6D9D759A844", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1AA1C6D-E86C-46B6-AA32-FB9B34D60F1D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*", "matchCriteriaId": "75B2D398-870D-408F-817D-FDEE8C93D683", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE2F668D-DD5C-4E70-A677-5029C25AB65E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*", "matchCriteriaId": "28431C96-C4CF-4029-BBD0-1B364C406D86", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA924895-0CE8-453A-98E0-0942AA33BECE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*", "matchCriteriaId": "C193E51C-F9DD-43FD-913D-742513E63C61", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E42AEAD-D52A-45E6-97FE-A6C8FE5C59BC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5752722-3EC7-401D-A114-ACA4662890BA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5004D440-E3EE-4252-831B-7396887BA117", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C4E3255-6E5D-46FC-8DE0-462788F1B4FD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACB3D3DB-AFB6-4B36-B86D-358BE11FAE3E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED77EFA6-576C-411A-91D2-22C962C30C94", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC59B209-998B-43A6-875D-364844CA37C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA30BA8-4069-4525-A843-E88EFDC720DF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "43C72C62-49C3-49BE-A9F1-3572DA18647C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A663879-36BF-433D-9D7A-B62D65A5C6C9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D16EB997-ADC3-45AA-8E92-6F1371E85A35", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*", "matchCriteriaId": "D63E5FF5-9A27-4674-B573-6929CAB3BB01", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key." }, { "lang": "es", "value": "Los robots cortac\u00e9sped y aspiradores ECOVACS utilizan una clave secreta est\u00e1tica compartida para cifrar los mensajes GATT de BLE. Un atacante no autenticado dentro del alcance de BLE puede controlar cualquier robot que utilice la misma clave." } ], "id": "CVE-2024-12078", "lastModified": "2025-09-23T17:45:19.900", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-01-23T17:15:13.020", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit" ], "url": "https://youtu.be/_wUsM0Mlenc?t=2041" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-321" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-23 17:15
Modified
2025-09-23 17:44
Severity ?
Summary
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
References
▼ | URL | Tags | |
---|---|---|---|
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf | Exploit, Third Party Advisory | |
9119a7d8-5eab-497f-8521-727c672e3725 | https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf | Exploit, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACB3D3DB-AFB6-4B36-B86D-358BE11FAE3E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED77EFA6-576C-411A-91D2-22C962C30C94", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5004D440-E3EE-4252-831B-7396887BA117", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C4E3255-6E5D-46FC-8DE0-462788F1B4FD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC59B209-998B-43A6-875D-364844CA37C7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA30BA8-4069-4525-A843-E88EFDC720DF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "43C72C62-49C3-49BE-A9F1-3572DA18647C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A663879-36BF-433D-9D7A-B62D65A5C6C9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D16EB997-ADC3-45AA-8E92-6F1371E85A35", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*", "matchCriteriaId": "D63E5FF5-9A27-4674-B573-6929CAB3BB01", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7060D3C-5F7C-4324-987D-C6EB4204CC47", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCC67BB7-0E4A-47FA-A04D-41837A18E103", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7422285-BB34-4D85-A4A4-ADD006401FE7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5248299-76EB-41DB-A036-5685F20D2A18", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DA0B484-221F-4E67-927F-DBCBBC1F6448", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1DE7CE5-6D8F-478B-AA9A-274AA74270AE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*", "matchCriteriaId": "48123BA8-E8D5-4AEF-A4CF-8136AFA400F4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B39C403-6D28-41E3-A2D0-79473D6B9733", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FD5AC03-3EF9-485F-B17A-E6D9D759A844", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1AA1C6D-E86C-46B6-AA32-FB9B34D60F1D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*", "matchCriteriaId": "75B2D398-870D-408F-817D-FDEE8C93D683", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE2F668D-DD5C-4E70-A677-5029C25AB65E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*", "matchCriteriaId": "28431C96-C4CF-4029-BBD0-1B364C406D86", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA924895-0CE8-453A-98E0-0942AA33BECE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*", "matchCriteriaId": "C193E51C-F9DD-43FD-913D-742513E63C61", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E42AEAD-D52A-45E6-97FE-A6C8FE5C59BC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5752722-3EC7-401D-A114-ACA4662890BA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on." }, { "lang": "es", "value": "Los robots cortac\u00e9sped y aspiradores ECOVACS almacenan de forma insegura archivos de audio que se utilizan para indicar que la c\u00e1mara est\u00e1 encendida. Un atacante con acceso al sistema de archivos /data puede eliminar o modificar los archivos de advertencia de forma que los usuarios no sepan que la c\u00e1mara est\u00e1 encendida." } ], "id": "CVE-2024-52328", "lastModified": "2025-09-23T17:44:56.110", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-01-23T17:15:14.133", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2025-09-05 18:15
Modified
2025-09-23 17:11
Severity ?
Summary
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC05115A-88CE-44C9-B53A-E5B0F3AEF061", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5BD12C9-8159-480E-8F8D-34675B987912", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "003B54E0-B2FF-485A-9A55-925609EE8DF1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3631308-6EFE-4368-AD5F-443706623DFB", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "91E23E30-45BE-4142-8E9C-032282F3B6A6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "476156B2-527A-4536-A028-F2C882BF48C1", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80157CEF-397B-45ED-A1A3-AABD4E0E2170", "versionEndExcluding": "2.5.38", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1_turbo:-:*:*:*:*:*:*:*", "matchCriteriaId": "65F69609-1D21-461A-9457-A745194759CD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "476156B2-527A-4536-A028-F2C882BF48C1", "versionEndExcluding": "2.4.45", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "037628A9-DD54-4A4B-97A9-78142B76E91E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DEFD6A2-1283-4631-9AE3-9347ACAE9568", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*", "matchCriteriaId": "318C962D-54C2-456E-A045-1332A02958E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "84565C28-CE48-4008-83BA-4132CA50EE03", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "11395F70-87C2-41DD-9D9A-CFA8D0512ECE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DCA4CF1-6C07-4EA5-A54C-D5C84FAB752A", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CBAA124-1B4C-4E75-80E1-A747AC9183E1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F736710C-7AFE-4D52-A353-E8D42ECCEC54", "versionEndExcluding": "1.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t10_turbo:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DEFE0B-99F7-49DF-96E3-69B6FC1EF262", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69792E89-A3F2-4545-AAD9-25FEB81EDB58", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "6938C0BF-F53B-4F93-A8E9-5FEC280DA477", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_pro_plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "918AF480-BDB5-4925-B9FE-EED491983152", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_pro_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA4D16A6-A8B8-44C5-9FDC-CD05069F2FFA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t20_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "643E2424-6282-47EA-BC6B-B5C058942538", "versionEndExcluding": "1.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t20_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3E5F4E4-30FE-4E76-8BA2-CEEBC81DA4E6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t30_omni_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EADCF051-0A70-4314-9118-18B38C5C7F93", "versionEndExcluding": "1.100.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t30_omni:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B4D1A83-F00F-4F66-88DF-67C9FD036016", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ecovacs:deebot_t30s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE558FD-B245-4B1A-82BA-04F80DB518AF", "versionEndExcluding": "1.100.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:ecovacs:deebot_t30s:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAC6EDB9-24EE-4113-B3D6-90CA18590BA9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived." } ], "id": "CVE-2025-30198", "lastModified": "2025-09-23T17:11:29.170", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" } ] }, "published": "2025-09-05T18:15:39.353", "references": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory" ], "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19" }, { "source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": [ "Third Party Advisory" ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-30198" } ], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-321" }, { "lang": "en", "value": "CWE-798" } ], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }