This page lists publicly disclosed CVE vulnerabilities affecting ecovacs deebot_t10_plus_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-30200 | ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived. | 9119a7d8-5eab-497f-8521-727c672e3725 | 2.3 | 0.13% | 2025-09-05 | 2026-06-17 |
| CVE-2025-30199 | ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station. | 9119a7d8-5eab-497f-8521-727c672e3725 | 7.5 | 0.27% | 2025-09-05 | 2026-06-17 |
| CVE-2025-30198 | ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived. | 9119a7d8-5eab-497f-8521-727c672e3725 | 2.3 | 0.20% | 2025-09-05 | 2026-06-17 |
| CVE-2024-52330 | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. | 9119a7d8-5eab-497f-8521-727c672e3725 | 9.5 | 0.32% | 2025-01-23 | 2026-06-17 |