Find a vulnerability
Search criteria
11 vulnerabilities by Ecovacs
VAR-202501-2794
Vulnerability from variot - Updated: 2025-10-03 23:34ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains vulnerabilities related to the insufficient integrity verification of downloaded code and the use of weak authentication credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-2794",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"cve": "CVE-2024-52331",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2024-52331",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-028231",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-52331",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028231",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains vulnerabilities related to the insufficient integrity verification of downloaded code and the use of weak authentication credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-52331"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-52331",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028231",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"id": "VAR-202501-2794",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-03T23:34:16.906000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1391",
"trust": 1.0
},
{
"problemtype": "CWE-494",
"trust": 1.0
},
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "Using weak credentials (CWE-1391) [ others ]",
"trust": 0.8
},
{
"problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-52331"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"date": "2025-01-23T17:15:14.563000",
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T07:49:00",
"db": "JVNDB",
"id": "JVNDB-2024-028231"
},
{
"date": "2025-10-02T15:15:52.810000",
"db": "NVD",
"id": "CVE-2024-52331"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerability related to insufficient integrity verification of downloaded code in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028231"
}
],
"trust": 0.8
}
}
VAR-202501-1846
Vulnerability from variot - Updated: 2025-10-02 23:38ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-1846",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"cve": "CVE-2024-11147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2024-11147",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-028187",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-11147",
"trust": 1.0,
"value": "High"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028187",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-11147"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-11147",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028187",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"id": "VAR-202501-1846",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:38:53.792000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://builder.dontvacuum.me/ecopassword.php"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-11147"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"date": "2025-01-23T17:15:12.860000",
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T01:47:00",
"db": "JVNDB",
"id": "JVNDB-2024-028187"
},
{
"date": "2025-09-23T17:44:13.273000",
"db": "NVD",
"id": "CVE-2024-11147"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Product use of hardcoded credentials vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028187"
}
],
"trust": 0.8
}
}
VAR-202501-3202
Vulnerability from variot - Updated: 2025-10-02 23:37ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. DEEBOT N8 firmware, DEEBOT 900 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability in improper permission assignment for critical resources.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-3202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"cve": "CVE-2024-52328",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2024-52328",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 2.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-028232",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-52328",
"trust": 1.0,
"value": "Low"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028232",
"trust": 0.8,
"value": "Low"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. DEEBOT N8 firmware, DEEBOT 900 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability in improper permission assignment for critical resources.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-52328"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-52328",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028232",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"id": "VAR-202501-3202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:37:01.563000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-52328"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"date": "2025-01-23T17:15:14.133000",
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T07:49:00",
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"date": "2025-09-23T17:44:56.110000",
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerability in improper permission assignment for critical resources in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
}
],
"trust": 0.8
}
}
VAR-202501-3454
Vulnerability from variot - Updated: 2025-10-02 23:37ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. DEEBOT N10 firmware, DEEBOT T10 firmware, DEEBOT X1 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded encryption keys.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-3454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"cve": "CVE-2024-12078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-12078",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-028217",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-12078",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028217",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. DEEBOT N10 firmware, DEEBOT T10 firmware, DEEBOT X1 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded encryption keys.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-12078"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-12078",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028217",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"id": "VAR-202501-3454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:37:01.522000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-321",
"trust": 1.0
},
{
"problemtype": "Using hardcoded encryption keys (CWE-321) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://youtu.be/_wusm0mlenc?t=2041"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-12078"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"date": "2025-01-23T17:15:13.020000",
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"date": "2025-09-23T17:45:19.900000",
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerabilities related to the use of hardcoded encryption keys in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
}
],
"trust": 0.8
}
}
VAR-202501-2625
Vulnerability from variot - Updated: 2025-10-02 23:18ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-2625",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"cve": "CVE-2024-12079",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2024-12079",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-028188",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-12079",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028188",
"trust": 0.8,
"value": "Low"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-12079"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-12079",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028188",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"id": "VAR-202501-2625",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:18:01.562000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-12079"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"date": "2025-01-23T17:15:13.187000",
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T01:51:00",
"db": "JVNDB",
"id": "JVNDB-2024-028188"
},
{
"date": "2025-09-23T17:45:43.313000",
"db": "NVD",
"id": "CVE-2024-12079"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerability in plaintext storage of critical information in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028188"
}
],
"trust": 0.8
}
}
CVE-2025-2394 (GCVE-0-2025-2394)
Vulnerability from nvd – Published: 2025-05-23 00:03 – Updated: 2025-09-30 05:50- CWE-798 - Use of Hard-coded Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| Ecovacs | Ecovacs Mobile and Android Application |
Affected:
3.3.0
(iOS, Android)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T13:16:37.932318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T13:16:47.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android",
"iOS"
],
"product": "Ecovacs Mobile and Android Application",
"vendor": "Ecovacs",
"versions": [
{
"status": "affected",
"version": "3.3.0",
"versionType": "iOS, Android"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure."
}
],
"value": "Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T05:50:10.557Z",
"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"shortName": "TML"
},
"references": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2025-2394"
},
{
"url": "https://www.ecovacs.com/global/userhelp/dsa20250507001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"assignerShortName": "TML",
"cveId": "CVE-2025-2394",
"datePublished": "2025-05-23T00:03:32.603Z",
"dateReserved": "2025-03-17T03:57:22.902Z",
"dateUpdated": "2025-09-30T05:50:10.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52329 (GCVE-0-2024-52329)
Vulnerability from nvd – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41- CWE-295 - Improper Certificate Validation
| Vendor | Product | Version | |
|---|---|---|---|
| ECOVACS | ECOVACS HOME |
Unaffected:
3.0.0
Affected: 0 , < 3.0.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52329",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:56:47.220852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:29.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ECOVACS HOME",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "3.0.0"
},
{
"lessThan": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:36:06.533Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
}
],
"title": "ECOVACS HOME mobile app plugins do not properly validate TLS certificates"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52329",
"datePublished": "2025-01-23T16:36:06.533Z",
"dateReserved": "2024-11-08T01:06:02.405Z",
"dateUpdated": "2025-02-12T20:41:29.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52327 (GCVE-0-2024-52327)
Vulnerability from nvd – Published: 2025-01-23 16:39 – Updated: 2025-02-12 20:41| Vendor | Product | Version | |
|---|---|---|---|
| ECOVACS | ECOVACS HOME |
Affected:
0 , < 3.0.2
(custom)
Unaffected: 3.0.2 |
|
| ECOVACS | cloud service |
Affected:
0 , < 2024-12-17
(custom)
Unaffected: 2024-12-17 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52327",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:53:52.437051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:28.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ECOVACS HOME",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "3.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.0.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "cloud service",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2024-12-17",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2024-12-17"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-603",
"description": "CWE-603 Use of Client-Side Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:39:27.516Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217002"
}
],
"title": "ECOVACS lawnmower and vacuum cloud service live video PIN bypass"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52327",
"datePublished": "2025-01-23T16:39:27.516Z",
"dateReserved": "2024-11-08T01:06:02.404Z",
"dateUpdated": "2025-02-12T20:41:28.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2394 (GCVE-0-2025-2394)
Vulnerability from cvelistv5 – Published: 2025-05-23 00:03 – Updated: 2025-09-30 05:50- CWE-798 - Use of Hard-coded Credentials
| Vendor | Product | Version | |
|---|---|---|---|
| Ecovacs | Ecovacs Mobile and Android Application |
Affected:
3.3.0
(iOS, Android)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T13:16:37.932318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T13:16:47.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android",
"iOS"
],
"product": "Ecovacs Mobile and Android Application",
"vendor": "Ecovacs",
"versions": [
{
"status": "affected",
"version": "3.3.0",
"versionType": "iOS, Android"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure."
}
],
"value": "Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T05:50:10.557Z",
"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"shortName": "TML"
},
"references": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2025-2394"
},
{
"url": "https://www.ecovacs.com/global/userhelp/dsa20250507001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"assignerShortName": "TML",
"cveId": "CVE-2025-2394",
"datePublished": "2025-05-23T00:03:32.603Z",
"dateReserved": "2025-03-17T03:57:22.902Z",
"dateUpdated": "2025-09-30T05:50:10.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52327 (GCVE-0-2024-52327)
Vulnerability from cvelistv5 – Published: 2025-01-23 16:39 – Updated: 2025-02-12 20:41| Vendor | Product | Version | |
|---|---|---|---|
| ECOVACS | ECOVACS HOME |
Affected:
0 , < 3.0.2
(custom)
Unaffected: 3.0.2 |
|
| ECOVACS | cloud service |
Affected:
0 , < 2024-12-17
(custom)
Unaffected: 2024-12-17 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52327",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:53:52.437051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:28.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ECOVACS HOME",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "3.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.0.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "cloud service",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2024-12-17",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2024-12-17"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-603",
"description": "CWE-603 Use of Client-Side Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:39:27.516Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217002"
}
],
"title": "ECOVACS lawnmower and vacuum cloud service live video PIN bypass"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52327",
"datePublished": "2025-01-23T16:39:27.516Z",
"dateReserved": "2024-11-08T01:06:02.404Z",
"dateUpdated": "2025-02-12T20:41:28.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52329 (GCVE-0-2024-52329)
Vulnerability from cvelistv5 – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41- CWE-295 - Improper Certificate Validation
| Vendor | Product | Version | |
|---|---|---|---|
| ECOVACS | ECOVACS HOME |
Unaffected:
3.0.0
Affected: 0 , < 3.0.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52329",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:56:47.220852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:29.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ECOVACS HOME",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "3.0.0"
},
{
"lessThan": "3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:36:06.533Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
}
],
"title": "ECOVACS HOME mobile app plugins do not properly validate TLS certificates"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52329",
"datePublished": "2025-01-23T16:36:06.533Z",
"dateReserved": "2024-11-08T01:06:02.405Z",
"dateUpdated": "2025-02-12T20:41:29.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}