Ecovacs: >> Deebot T30s Firmware Security Vulnerabilities
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-05
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-09-05
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-05
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
CVSS Score
9.6
EPSS Score
0.074
Published
2025-01-23