CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

7.5CVSS6.9AI score0.00044EPSS

Exploits0References1

RedhatCVE•added 2025/09/07 6:11 p.m.•9 views

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

6.3CVSS7AI score0.00019EPSS

Exploits0References1

OSV•added 2025/09/05 6:15 p.m.•0 views

CVE-2025-30199

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

7.5CVSS5.8AI score0.00044EPSS

Exploits0References3

OSV•added 2025/09/05 6:15 p.m.•0 views

CVE-2025-30198

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived...

2.3CVSS5.8AI score0.0003EPSS

Exploits0References3

OSV•added 2025/09/05 6:15 p.m.•0 views

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

2.3CVSS5.8AI score0.00019EPSS

Exploits0References3

NVD•added 2025/09/05 6:15 p.m.•1 views

CVE-2025-30199

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

7.5CVSS0.00044EPSS

Exploits0References3

NVD•added 2025/09/05 6:15 p.m.•1 views

CVE-2025-30198

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived...

6.3CVSS0.0003EPSS

Exploits0References3

NVD•added 2025/09/05 6:15 p.m.•1 views

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

6.3CVSS0.00019EPSS

Exploits0References3

CVE•added 2025/09/05 5:45 p.m.•21 views

CVE-2025-30198

CVE-2025-30198 affects ECOVACS robot vacuums and base stations. Root causes: insecure Wi‑Fi using a deterministic WPA2-PSK that can be derived from device serial numbers; base stations do not validate firmware updates, enabling potential malicious OTA updates; AES encryption key similarly derivab...

6.3CVSS6.4AI score0.0003EPSS

Exploits0References3Affected Software1