7.6

CVE-2024-11147

Exploit
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can log in as root.
Data provided by the National Vulnerability Database (NVD)
Ecovacs Deebot 900 Firmware, Version -
   Ecovacs Deebot 900, Version -
Ecovacs Deebot N8 Firmware, Version -
   Ecovacs Deebot N8, Version -
Ecovacs Deebot T8 Firmware, Version -
   Ecovacs Deebot T8, Version -
Ecovacs Deebot N9 Firmware, Version -
   Ecovacs Deebot N9, Version -
Ecovacs Deebot T9 Firmware, Version -
   Ecovacs Deebot T9, Version -
Ecovacs Deebot N10 Firmware, Version -
   Ecovacs Deebot N10, Version -
Ecovacs Deebot T10 Firmware, Version -
   Ecovacs Deebot T10, Version -
Ecovacs Deebot X1 Firmware, Version -
   Ecovacs Deebot X1, Version -
Ecovacs Deebot T20 Firmware, Version -
   Ecovacs Deebot T20, Version -
Ecovacs Deebot X2 Firmware, Version -
   Ecovacs Deebot X2, Version -
Ecovacs Goat G1 Firmware, Version -
   Ecovacs Goat G1, Version -
Ecovacs Airbot Z1 Firmware, Version -
   Ecovacs Airbot Z1, Version -
Ecovacs Airbot Ava Firmware, Version -
   Ecovacs Airbot Ava, Version -
Ecovacs Airbot Andy Firmware, Version -
   Ecovacs Airbot Andy, Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.12% | 0.314
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
9119a7d8-5eab-497f-8521-727c672e3725 | 7 | 0 | 0 | CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
9119a7d8-5eab-497f-8521-727c672e3725 | 7.6 | 0.9 | 6 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.