12 matches found
EUVD-2024-46258
Malicious code in bioql PyPI...
CVE-2025-2394
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service OSS, leading to sensitive data disclosure...
CVE-2025-2394
CVE-2025-2394 affects Ecovacs Home mobile apps (Android and iOS) up to version 3.3.0. The root cause is embedded Alibaba OSS access keys and secrets within the app, enabling potential sensitive data disclosure. The accompanying PT-2025-22570 advisory recommends removing or securely storing embedd...
PT-2025-22570 · Ecovacs · Ecovacs Home
Name of the Vulnerable Software and Affected Versions: Ecovacs Home Android and iOS Mobile Applications versions up to 3.3.0 Description: The issue concerns the disclosure of sensitive data due to embedded access keys and secrets for Alibaba Object Storage Service OSS in the Ecovacs Home mobile...
ECOVACS HOME 安全漏洞
ECOVACS HOME is a smart home management software from ECOVACS, China. A security vulnerability exists in ECOVACS HOME 3.3.0 and prior versions, which originates from embedding Alibaba Object Storage Service access keys and secrets, which could lead to sensitive data leakage...
CVE-2024-52329
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...
CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...
CVE-2024-52329
CVE-2024-52329 affects ECOVACS HOME mobile app plugins for specific robots, where TLS certificate validation is not properly performed. The underlying issue allows an unauthenticated attacker to read or modify TLS traffic and to obtain authentication tokens. The entry provides CVSS data indicatin...
CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...
ECOVACS HOME mobile app plugins 信任管理问题漏洞
The ECOVACS HOME mobile app plugins is a mobile app plugin from ECOVACS, China. A security vulnerability exists in the ECOVACS HOME mobile app plugins that stems from the mobile app plugin not properly validating TLS certificates. An unauthenticated attacker could read or modify TLS traffic and...