Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46256

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00461EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-46259

Malicious code in bioql PyPI...

9.5CVSS6.6AI score0.00334EPSS
Exploits1References3
NVD
NVD
added 2025/09/05 6:15 p.m.4 views

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

6.3CVSS0.00127EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/05 5:45 p.m.3 views

CVE-2025-30198 ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived...

6.3CVSS6.4AI score0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/05 5:43 p.m.8 views

CVE-2025-30200 ECOVACS Vacuum and Base Station Hard-Coded AES Encryption

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...

6.3CVSS0.00127EPSS
Exploits0References3
OSV
OSV
added 2025/01/23 5:15 p.m.10 views

CVE-2024-52330

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates...

9.5CVSS5.8AI score0.00334EPSS
Exploits1References3
NVD
NVD
added 2025/01/23 5:15 p.m.20 views

CVE-2024-52328

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on...

2.3CVSS0.00209EPSS
Exploits1References2
NVD
NVD
added 2025/01/23 5:15 p.m.40 views

CVE-2024-52330

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates...

9.5CVSS0.00334EPSS
Exploits1References3
NVD
NVD
added 2025/01/23 5:15 p.m.19 views

CVE-2024-12078

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...

6.3CVSS0.00321EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/23 4:38 p.m.7 views

CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...

6.3CVSS6.4AI score0.00321EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/01/23 4:37 p.m.22 views

CVE-2024-11147 ECOVACS lawnmowers and vacuums deterministic root password

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root...

7.6CVSS0.00393EPSS
Exploits1References3
CVE
CVE
added 2025/01/23 4:37 p.m.61 views

CVE-2024-52331

ECOVACS robot lawnmowers and vacuums are affected by CVE-2024-52331 due to a deterministic symmetric key used to decrypt firmware updates. This allows an attacker to create and encrypt malicious firmware that will be decrypted and installed by the device. The description and connected entries con...

7.7CVSS7.5AI score0.00209EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/01/23 4:36 p.m.60 views

CVE-2024-52330

ECOVACS lawnmowers and vacuums are affected by CVE-2024-52330 due to improper TLS certificate validation. This allows an unauthenticated attacker to read or modify TLS traffic, potentially tampering with firmware updates. The vulnerability affects the product’s TLS handling in the affected device...

9.5CVSS7.5AI score0.00334EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/23 4:36 p.m.9 views

CVE-2024-52330 ECOVACS lawnmowers and vacuums do not properly validate TLS certificates

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates...

9.5CVSS7.6AI score0.00334EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/01/23 4:35 p.m.8 views

CVE-2024-52328 ECOVACS lawnmowers and vacuums insecurely store audio warning files

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on...

2.3CVSS3.8AI score0.00209EPSS
Exploits1References2
CVE
CVE
added 2025/01/23 4:35 p.m.54 views

CVE-2024-52328

The CVE-2024-52328 entry describes ECOVACS robot lawnmowers and vacuums that insecurely store audio files used to indicate that the camera is on. The underlying issue is insecure storage on the /data filesystem, which could allow an attacker with filesystem access to delete or modify the warning ...

2.3CVSS3.7AI score0.00209EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.4 views

PT-2025-2928 · Ecovacs · Ecovacs

Name of the Vulnerable Software and Affected Versions: ECOVACS lawnmowers and vacuums affected versions not specified Description: The issue concerns the improper validation of TLS certificates by ECOVACS lawnmowers and vacuums. This allows an unauthenticated attacker to read or modify TLS traffi...

9.5CVSS7AI score0.00334EPSS
Exploits1References8
Rows per page
Query Builder