Search criteria
7 vulnerabilities found for DEEBOT X1 by ECOVACS
VAR-202501-2794
Vulnerability from variot - Updated: 2025-10-03 23:34ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains vulnerabilities related to the insufficient integrity verification of downloaded code and the use of weak authentication credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-2794",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"cve": "CVE-2024-52331",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2024-52331",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-028231",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-52331",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028231",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains vulnerabilities related to the insufficient integrity verification of downloaded code and the use of weak authentication credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-52331"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-52331",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028231",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"id": "VAR-202501-2794",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-03T23:34:16.906000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1391",
"trust": 1.0
},
{
"problemtype": "CWE-494",
"trust": 1.0
},
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "Using weak credentials (CWE-1391) [ others ]",
"trust": 0.8
},
{
"problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-52331"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"date": "2025-01-23T17:15:14.563000",
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T07:49:00",
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"date": "2025-10-02T15:15:52.810000",
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerability related to insufficient integrity verification of downloaded code in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
}
],
"trust": 0.8
}
}
VAR-202501-1846
Vulnerability from variot - Updated: 2025-10-02 23:38ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-1846",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"cve": "CVE-2024-11147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2024-11147",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-028187",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-11147",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028187",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11147"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11147",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028187",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"id": "VAR-202501-1846",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:38:53.792000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://builder.dontvacuum.me/ecopassword.php"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11147"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"date": "2025-01-23T17:15:12.860000",
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T01:47:00",
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"date": "2025-09-23T17:44:13.273000",
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Product use of hardcoded credentials vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
}
],
"trust": 0.8
}
}
VAR-202501-3202
Vulnerability from variot - Updated: 2025-10-02 23:37ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. DEEBOT N8 firmware, DEEBOT 900 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability in improper permission assignment for critical resources.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-3202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"cve": "CVE-2024-52328",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2024-52328",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 2.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-028232",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-52328",
"trust": 1.0,
"value": "Low"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028232",
"trust": 0.8,
"value": "Low"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. DEEBOT N8 firmware, DEEBOT 900 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability in improper permission assignment for critical resources.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-52328"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-52328",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028232",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"id": "VAR-202501-3202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:37:01.563000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-52328"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"date": "2025-01-23T17:15:14.133000",
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T07:49:00",
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"date": "2025-09-23T17:44:56.110000",
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerability in improper permission assignment for critical resources in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
}
],
"trust": 0.8
}
}
VAR-202501-3454
Vulnerability from variot - Updated: 2025-10-02 23:37ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. DEEBOT N10 firmware, DEEBOT T10 firmware, DEEBOT X1 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded encryption keys.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-3454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"cve": "CVE-2024-12078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-12078",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-028217",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-12078",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028217",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. DEEBOT N10 firmware, DEEBOT T10 firmware, DEEBOT X1 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded encryption keys.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-12078"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-12078",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028217",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"id": "VAR-202501-3454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:37:01.522000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-321",
"trust": 1.0
},
{
"problemtype": "Using hardcoded encryption keys (CWE-321) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://youtu.be/_wusm0mlenc?t=2041"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-12078"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"date": "2025-01-23T17:15:13.020000",
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"date": "2025-09-23T17:45:19.900000",
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerabilities related to the use of hardcoded encryption keys in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
}
],
"trust": 0.8
}
}
VAR-202501-2625
Vulnerability from variot - Updated: 2025-10-02 23:18ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-2625",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"cve": "CVE-2024-12079",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2024-12079",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-028188",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-12079",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028188",
"trust": 0.8,
"value": "Low"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-12079"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-12079",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028188",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"id": "VAR-202501-2625",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:18:01.562000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-12079"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"date": "2025-01-23T17:15:13.187000",
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T01:51:00",
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"date": "2025-09-23T17:45:43.313000",
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerability in plaintext storage of critical information in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
}
],
"trust": 0.8
}
}
CVE-2024-52330 (GCVE-0-2024-52330)
Vulnerability from nvd – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41
VLAI?
Title
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
Severity ?
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ECOVACS | DEEBOT X5 PRO PLUS |
Unaffected:
1.38.0
Affected: 0 , < 1.38.0 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52330",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:56:31.855219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:28.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.38.0"
},
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.70.0"
},
{
"lessThan": "1.70.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2S",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.49.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.49.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.5.31"
},
{
"lessThan": "2.5.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1e OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.42"
},
{
"lessThan": "2.4.42",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.5"
},
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.9.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO ULTRA",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.17.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mate X",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.44.18"
},
{
"lessThan": "1.44.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 COMBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.81.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.81.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PRO OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.41"
},
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.23.0"
},
{
"lessThan": "1.23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.10.0"
},
{
"lessThan": "1.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.7.5"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
},
{
"cvssV4_0": {
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:36:50.128Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
}
],
"title": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52330",
"datePublished": "2025-01-23T16:36:50.128Z",
"dateReserved": "2024-11-08T01:06:02.405Z",
"dateUpdated": "2025-02-12T20:41:28.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52330 (GCVE-0-2024-52330)
Vulnerability from cvelistv5 – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41
VLAI?
Title
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
Severity ?
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ECOVACS | DEEBOT X5 PRO PLUS |
Unaffected:
1.38.0
Affected: 0 , < 1.38.0 (custom) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52330",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:56:31.855219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:28.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.38.0"
},
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.70.0"
},
{
"lessThan": "1.70.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2S",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.49.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.49.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.5.31"
},
{
"lessThan": "2.5.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1e OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.42"
},
{
"lessThan": "2.4.42",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.5"
},
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.9.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO ULTRA",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.17.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mate X",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.44.18"
},
{
"lessThan": "1.44.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 COMBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.81.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.81.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PRO OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.41"
},
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.23.0"
},
{
"lessThan": "1.23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.10.0"
},
{
"lessThan": "1.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.7.5"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
},
{
"cvssV4_0": {
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:36:50.128Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
}
],
"title": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52330",
"datePublished": "2025-01-23T16:36:50.128Z",
"dateReserved": "2024-11-08T01:06:02.405Z",
"dateUpdated": "2025-02-12T20:41:28.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}