VAR-202501-3454
Vulnerability from variot - Updated: 2025-10-02 23:37ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. DEEBOT N10 firmware, DEEBOT T10 firmware, DEEBOT X1 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded encryption keys.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-3454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"cve": "CVE-2024-12078",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-12078",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2024-028217",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-12078",
"trust": 1.0,
"value": "Medium"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028217",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. DEEBOT N10 firmware, DEEBOT T10 firmware, DEEBOT X1 firmware etc. ECOVACS The product contains a vulnerability related to the use of hardcoded encryption keys.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-12078"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-12078",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028217",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"id": "VAR-202501-3454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:37:01.522000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-321",
"trust": 1.0
},
{
"problemtype": "Using hardcoded encryption keys (CWE-321) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://youtu.be/_wusm0mlenc?t=2041"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-12078"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"date": "2025-01-23T17:15:13.020000",
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2024-028217"
},
{
"date": "2025-09-23T17:45:19.900000",
"db": "NVD",
"id": "CVE-2024-12078"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ECOVACS\u00a0 Vulnerabilities related to the use of hardcoded encryption keys in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028217"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…