Vulnerability Details CVE-2024-12078
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.6%
CVSS Severity
CVSS v3 Score 6.3
References
Products affected by CVE-2024-12078
-
cpe:2.3:h:ecovacs:airbot_andy:-
-
cpe:2.3:h:ecovacs:airbot_ava:-
-
cpe:2.3:h:ecovacs:airbot_z1:-
-
cpe:2.3:h:ecovacs:deebot_900:-
-
cpe:2.3:h:ecovacs:deebot_n10:-
-
cpe:2.3:h:ecovacs:deebot_n8:-
-
cpe:2.3:h:ecovacs:deebot_n9:-
-
cpe:2.3:h:ecovacs:deebot_t10:-
-
cpe:2.3:h:ecovacs:deebot_t20:-
-
cpe:2.3:h:ecovacs:deebot_t8:-
-
cpe:2.3:h:ecovacs:deebot_t9:-
-
cpe:2.3:h:ecovacs:deebot_x1:-
-
cpe:2.3:h:ecovacs:deebot_x2:-
-
cpe:2.3:h:ecovacs:goat_g1:-
-
cpe:2.3:o:ecovacs:airbot_andy_firmware:-
-
cpe:2.3:o:ecovacs:airbot_ava_firmware:-
-
cpe:2.3:o:ecovacs:airbot_z1_firmware:-
-
cpe:2.3:o:ecovacs:deebot_900_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n10_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n8_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n9_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t10_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t20_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t8_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t9_firmware:-
-
cpe:2.3:o:ecovacs:deebot_x1_firmware:-
-
cpe:2.3:o:ecovacs:deebot_x2_firmware:-
-
cpe:2.3:o:ecovacs:goat_g1_firmware:-