CVE-2025-30199

High CVSS: 7.5

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.

Vendor

Ecovacs

Product

Deebot X1s Pro Firmware

CWE

CWE-494

Yayın Tarihi

2025-09-05 18:15:39

Güncelleme

2025-09-23 17:11:48

Source Identifier

9119a7d8-5eab-497f-8521-727c672e3725

KEV Date Added

Kategoriler

CWE-494 Deebot X1s Pro Firmware HIGH Ecovacs 2025

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19 https://www.cve.org/CVERecord?id=CVE-2025-30199

Benzer Kayıtlar

Low

CVE-2025-30198

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which c…

Low

CVE-2025-30200

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption ke…

Low

CVE-2024-52328

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker wi…

Critical

CVE-2024-52329

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attack…

Critical

CVE-2024-52330

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify…

High

CVE-2024-52331

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can crea…