Ecovacs Unspecified Robots
5 CVEs affecting Ecovacs Unspecified Robots. Latest disclosed: 2025-01-23. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-11147 | High | 7.6 | 2025-01-23 | ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as r… |
| CVE-2024-52331 | High | 7.5 | 2025-01-23 | ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that… |
| CVE-2024-12078 | Medium | 6.3 | 2025-01-23 | ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control an… |
| CVE-2024-12079 | Low | 3.3 | 2025-01-23 | ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-th… |
| CVE-2024-52328 | Low | 2.3 | 2025-01-23 | ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can d… |