ecovacs deebot_x2_firmware CVE Vulnerabilities (5)

CVEs: 5 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting ecovacs deebot_x2_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 15 of 5 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2024-52331 ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. 9119a7d8-5eab-497f-8521-727c672e3725 7.7 0.20% 2025-01-23 2026-06-17
CVE-2024-52328 ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. 9119a7d8-5eab-497f-8521-727c672e3725 1.8 0.20% 2025-01-23 2026-06-17
CVE-2024-12079 ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. 9119a7d8-5eab-497f-8521-727c672e3725 4.8 0.14% 2025-01-23 2026-06-17
CVE-2024-12078 ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. 9119a7d8-5eab-497f-8521-727c672e3725 5.3 0.31% 2025-01-23 2026-06-17
CVE-2024-11147 ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. 9119a7d8-5eab-497f-8521-727c672e3725 7.0 0.38% 2025-01-23 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence