Product
ecovacs deebot t10 firmware
9 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-30200
CVE-2025-30199
CVE-2025-30198
CVE-2024-52331
CVE-2024-52330
CVE-2024-52328
CVE-2024-12079
CVE-2024-12078
CVE-2024-11147
< 1.11.0
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which c
< 1.11.0
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station
< 1.11.0
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easi
all versions
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and enc
< 1.7.5
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traff
all versions
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access
all versions
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read t
all versions
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker wi
all versions
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker wit