Ecovacs: >> Deebot T10 Omni Firmware Security Vulnerabilities
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-05
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-09-05
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-05
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-01-23