Ecovacs
Products: 6
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs: 6

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-44251 | | High | 0.49 | 7.5 | 0.00 | | Jul 10, 2025 | Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process. |
| CVE-2025-2394 | | Med | 0.31 | — | 0.00 | | May 23, 2025 | Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure. |
| CVE-2025-30198 | | | 0.00 | — | 0.00 | | Sep 5, 2025 | ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived. |
| CVE-2025-30199 | | | 0.00 | — | 0.00 | | Sep 5, 2025 | ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station. |
| CVE-2024-52330 | | | 0.00 | — | 0.01 | | Jan 23, 2025 | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. |
| CVE-2024-52325 | | | 0.00 | — | 0.01 | | Jan 23, 2025 | ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. |