6.3

CVE-2024-12078

Exploit
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
Data provided by the National Vulnerability Database (NVD)
Ecovacs Deebot N10 Firmware, Version: -
   Ecovacs Deebot N10, Version: -
Ecovacs Deebot T10 Firmware, Version: -
   Ecovacs Deebot T10, Version: -
Ecovacs Deebot X1 Firmware, Version: -
   Ecovacs Deebot X1, Version: -
Ecovacs Deebot T20 Firmware, Version: -
   Ecovacs Deebot T20, Version: -
Ecovacs Deebot X2 Firmware, Version: -
   Ecovacs Deebot X2, Version: -
Ecovacs Goat G1 Firmware, Version: -
   Ecovacs Goat G1, Version: -
Ecovacs Airbot Z1 Firmware, Version: -
   Ecovacs Airbot Z1, Version: -
Ecovacs Airbot Ava Firmware, Version: -
   Ecovacs Airbot Ava, Version: -
Ecovacs Airbot Andy Firmware, Version: -
   Ecovacs Airbot Andy, Version: -
Ecovacs Deebot 900 Firmware, Version: -
   Ecovacs Deebot 900, Version: -
Ecovacs Deebot N8 Firmware, Version: -
   Ecovacs Deebot N8, Version: -
Ecovacs Deebot T8 Firmware, Version: -
   Ecovacs Deebot T8, Version: -
Ecovacs Deebot N9 Firmware, Version: -
   Ecovacs Deebot N9, Version: -
Ecovacs Deebot T9 Firmware, Version: -
   Ecovacs Deebot T9, Version: -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.292
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
9119a7d8-5eab-497f-8521-727c672e3725 5.3 0 0 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
9119a7d8-5eab-497f-8521-727c672e3725 6.3 2.8 3.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.