Browse all 13 CVE security advisories affecting ECOVACS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ECOVACS specializes in autonomous cleaning robots for residential and commercial environments. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure web interfaces and insufficient authentication mechanisms. Security researchers have identified issues allowing unauthorized device access and control, with some CVEs enabling complete compromise of connected devices. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across multiple product lines suggests ongoing challenges in secure development practices. The company's IoT ecosystem requires robust security updates to mitigate risks associated with network-connected home appliances.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12079 | ECOVACS lawnmowers cleartext storage of anti-theft PIN — Unspecified robotsCWE-312 | 3.3 | Low | 2025-01-23 |
| CVE-2024-12078 | ECOVACS lawnmowers and vacuums static BLE GATT encryption key — Unspecified robotsCWE-321 | 6.3 | Medium | 2025-01-23 |
| CVE-2024-11147 | ECOVACS lawnmowers and vacuums deterministic root password — Unspecified robotsCWE-798 | 7.6 | High | 2025-01-23 |
| CVE-2024-52331 | ECOVACS lawnmowers and vacuums deterministic firmware encryption key — Unspecified robotsCWE-494 | 7.5 | High | 2025-01-23 |
| CVE-2024-52328 | ECOVACS lawnmowers and vacuums insecurely store audio warning files — Unspecified robotsCWE-732 | 2.3 | Low | 2025-01-23 |
This page lists every published CVE security advisory associated with ECOVACS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.