17 matches found
EUVD-2024-46256
Malicious code in bioql PyPI...
EUVD-2024-46259
Malicious code in bioql PyPI...
CVE-2025-30200
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...
CVE-2025-30198 ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived...
CVE-2025-30200 ECOVACS Vacuum and Base Station Hard-Coded AES Encryption
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...
CVE-2024-52330
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates...
CVE-2024-52328
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on...
CVE-2024-52330
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates...
CVE-2024-12078
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...
CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...
CVE-2024-11147 ECOVACS lawnmowers and vacuums deterministic root password
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root...
CVE-2024-52331
ECOVACS robot lawnmowers and vacuums are affected by CVE-2024-52331 due to a deterministic symmetric key used to decrypt firmware updates. This allows an attacker to create and encrypt malicious firmware that will be decrypted and installed by the device. The description and connected entries con...
CVE-2024-52330
ECOVACS lawnmowers and vacuums are affected by CVE-2024-52330 due to improper TLS certificate validation. This allows an unauthenticated attacker to read or modify TLS traffic, potentially tampering with firmware updates. The vulnerability affects the product’s TLS handling in the affected device...
CVE-2024-52330 ECOVACS lawnmowers and vacuums do not properly validate TLS certificates
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates...
CVE-2024-52328 ECOVACS lawnmowers and vacuums insecurely store audio warning files
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on...
CVE-2024-52328
The CVE-2024-52328 entry describes ECOVACS robot lawnmowers and vacuums that insecurely store audio files used to indicate that the camera is on. The underlying issue is insecure storage on the /data filesystem, which could allow an attacker with filesystem access to delete or modify the warning ...
PT-2025-2928 · Ecovacs · Ecovacs
Name of the Vulnerable Software and Affected Versions: ECOVACS lawnmowers and vacuums affected versions not specified Description: The issue concerns the improper validation of TLS certificates by ECOVACS lawnmowers and vacuums. This allows an unauthenticated attacker to read or modify TLS traffi...