CVE-2024-12078

Vulnerability Description

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW

Affected Products

Vendor    Product                 Versions
Ecovacs   Deebot N10 Firmware     -
Ecovacs   Deebot N10              -
Ecovacs   Deebot T10 Firmware     -
Ecovacs   Deebot T10              -
Ecovacs   Deebot X1 Firmware      -
Ecovacs   Deebot X1               -
Ecovacs   Deebot T20 Firmware     -
Ecovacs   Deebot T20              -
Ecovacs   Deebot X2 Firmware      -
Ecovacs   Deebot X2               -
Ecovacs   Goat G1 Firmware        -
Ecovacs   Goat G1                 -
Ecovacs   Airbot Z1 Firmware      -
Ecovacs   Airbot Z1               -
Ecovacs   Airbot Ava Firmware     -
Ecovacs   Airbot Ava              -
Ecovacs   Airbot Andy Firmware    -
Ecovacs   Airbot Andy             -
Ecovacs   Deebot 900 Firmware     -
Ecovacs   Deebot 900              -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-12078?

CVE-2024-12078 is a vulnerability with a CVSS score of 6.3 (MEDIUM). ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.

How severe is CVE-2024-12078?

CVE-2024-12078 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2024-12078?

Check the references section above for vendor advisories and patch information. Affected products include: Ecovacs Deebot N10 Firmware, Ecovacs Deebot N10, Ecovacs Deebot T10 Firmware, Ecovacs Deebot T10, Ecovacs Deebot X1 Firmware.