Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Ecovacs — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting Ecovacs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ECOVACS specializes in autonomous cleaning robots for residential and commercial environments. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insecure web interfaces and insufficient authentication mechanisms. Security researchers have identified issues allowing unauthorized device access and control, with some CVEs enabling complete compromise of connected devices. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across multiple product lines suggests ongoing challenges in secure development practices. The company's IoT ecosystem requires robust security updates to mitigate risks associated with network-connected home appliances.

Top products by Ecovacs: Unspecified robots DEEBOT X1 Series ECOVACS HOME DEEBOT X5 PRO PLUS GOAT G1 Ecovacs Mobile and Android Application
CVE IDTitleCVSSSeverityPublished
CVE-2025-30198 ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK — DEEBOT X1 SeriesCWE-321 6.3 Medium2025-09-05
CVE-2025-30199 ECOVACS Vacuum and Base Station accept unsigned firmware — DEEBOT X1 SeriesCWE-494 7.2 High2025-09-05
CVE-2025-30200 ECOVACS Vacuum and Base Station Hard-Coded AES Encryption — DEEBOT X1 SeriesCWE-321 6.3 Medium2025-09-05
CVE-2025-2394 Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications — Ecovacs Mobile and Android ApplicationCWE-798 6.5AIMediumAI2025-05-23
CVE-2024-52327 ECOVACS lawnmower and vacuum cloud service live video PIN bypass — ECOVACS HOMECWE-603 6.5 Medium2025-01-23
CVE-2024-12079 ECOVACS lawnmowers cleartext storage of anti-theft PIN — Unspecified robotsCWE-312 3.3 Low2025-01-23
CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key — Unspecified robotsCWE-321 6.3 Medium2025-01-23
CVE-2024-11147 ECOVACS lawnmowers and vacuums deterministic root password — Unspecified robotsCWE-798 7.6 High2025-01-23
CVE-2024-52331 ECOVACS lawnmowers and vacuums deterministic firmware encryption key — Unspecified robotsCWE-494 7.5 High2025-01-23
CVE-2024-52330 ECOVACS lawnmowers and vacuums do not properly validate TLS certificates — DEEBOT X5 PRO PLUSCWE-295 7.4 High2025-01-23
CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates — ECOVACS HOMECWE-295 7.4 High2025-01-23
CVE-2024-52328 ECOVACS lawnmowers and vacuums insecurely store audio warning files — Unspecified robotsCWE-732 2.3 Low2025-01-23
CVE-2024-52325 ECOVACS robot lawnmowers and vacuums command injection — GOAT G1CWE-77 9.6 Critical2025-01-23

This page lists every published CVE security advisory associated with Ecovacs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.