Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2025
CVE-2024-55930
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files
CVSS Score
6.7
EPSS Score
0.001
Published
2025-01-23
CVE-2024-45672
IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a denial of service.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-01-23
CVE-2024-52328
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
CVSS Score
2.3
EPSS Score
0.0
Published
2025-01-23
CVE-2024-52329
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-01-23
CVE-2024-52330
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-01-23
CVE-2024-52331
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-01-23
CVE-2024-12078
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-01-23
CVE-2024-12079
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-01-23
CVE-2024-52327
The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-23
CVE-2024-11147
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-01-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved