Ecovacs Deebot X1 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ecovacs Deebot X1 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-11147 — CVSS 7.6 (high): ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell…
CVE-2024-52331 — CVSS 7.5 (high): ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt…
CVE-2024-52330 — CVSS 7.4 (high): ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic…
CVE-2024-12078 — CVSS 6.3 (medium): ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE…
CVE-2024-12079 — CVSS 3.3 (low): ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN…
CVE-2024-52328 — CVSS 2.3 (low): ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the…