Ecovacs Deebot T10 Turbo Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ecovacs Deebot T10 Turbo Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-52330 — CVSS 7.4 (high): ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic…
CVE-2025-30199 — CVSS 7.2 (high): ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via…
CVE-2025-30198 — CVSS 6.3 (medium): ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily…
CVE-2025-30200 — CVSS 6.3 (medium): ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be…