CVE-2025-30198

Low CVSS: 2.3

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.

Vendor

Product

CWE

Yayın Tarihi

2025-09-05 18:15:39

Güncelleme

2025-09-23 17:11:29

Source Identifier

9119a7d8-5eab-497f-8521-727c672e3725

KEV Date Added

CWE-321 Deebot X1s Pro Firmware LOW Ecovacs 2025

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19 https://www.cve.org/CVERecord?id=CVE-2025-30198

High

CVE-2025-30199

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to ba…

Low

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption ke…

Low

CVE-2024-52328

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker wi…

Critical

CVE-2024-52329

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attack…

Critical

CVE-2024-52330

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify…

High

CVE-2024-52331

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can crea…