Ecovacs

Deebot N8 Firmware

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 0.04%
  • Published 23.01.2025 17:15:14
  • Last modified 23.09.2025 17:44:56

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.

Exploit
  • EPSS 0.11%
  • Published 23.01.2025 17:15:14
  • Last modified 02.10.2025 15:15:52

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.

Exploit
  • EPSS 0.11%
  • Published 23.01.2025 17:15:13
  • Last modified 23.09.2025 17:45:19

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.

Exploit
  • EPSS 0.03%
  • Published 23.01.2025 17:15:13
  • Last modified 23.09.2025 17:45:43

ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.

Exploit
  • EPSS 0.12%
  • Published 23.01.2025 17:15:12
  • Last modified 23.09.2025 17:44:13

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can log in as root.