ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-01-23
The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-23