What is CVE-2024-12078?

CVE-2024-12078 is a medium-severity vulnerability in Ecovacs Unspecified Robots, classified under Use of Hard-coded Cryptographic Key. CVSS score: 6.3/10. Published 2025-01-23.

How severe is CVE-2024-12078?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Ecovacs Unspecified Robots

CVE-2024-12078

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.

EPSS: 0.001 (26.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Ecovacs Unspecified Robots

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

References

Frequently asked questions

What is CVE-2024-12078?: CVE-2024-12078 is a medium-severity vulnerability in Ecovacs Unspecified Robots, classified under Use of Hard-coded Cryptographic Key. CVSS score: 6.3/10. Published 2025-01-23.
How severe is CVE-2024-12078?: Medium severity. CVSS v3 base score is 6.3 out of 10.