CVE-2024-12078

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12078
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf Exploit Third Party Advisory
https://youtu.be/_wUsM0Mlenc?t=2041 Exploit
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*
History

23 Sep 2025, 17:45

Type Values Removed Values Added
CPE cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*
Summary
  • (es) Los robots cortacésped y aspiradores ECOVACS utilizan una clave secreta estática compartida para cifrar los mensajes GATT de BLE. Un atacante no autenticado dentro del alcance de BLE puede controlar cualquier robot que utilice la misma clave.
References () https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf - () https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf - Exploit, Third Party Advisory
References () https://youtu.be/_wUsM0Mlenc?t=2041 - () https://youtu.be/_wUsM0Mlenc?t=2041 - Exploit
First Time Ecovacs deebot T8 Firmware
Ecovacs deebot 900 Firmware
Ecovacs deebot N10 Firmware
Ecovacs deebot X2 Firmware
Ecovacs deebot T9
Ecovacs deebot T10
Ecovacs goat G1
Ecovacs deebot T10 Firmware
Ecovacs deebot T9 Firmware
Ecovacs deebot 900
Ecovacs airbot Z1 Firmware
Ecovacs deebot X2
Ecovacs airbot Ava Firmware
Ecovacs deebot T8
Ecovacs deebot N9
Ecovacs airbot Ava
Ecovacs airbot Andy Firmware
Ecovacs deebot X1 Firmware
Ecovacs deebot X1
Ecovacs airbot Z1
Ecovacs deebot T20
Ecovacs
Ecovacs deebot N8 Firmware
Ecovacs deebot T20 Firmware
Ecovacs deebot N10
Ecovacs airbot Andy
Ecovacs deebot N8
Ecovacs goat G1 Firmware
Ecovacs deebot N9 Firmware

23 Jan 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-23 17:15

Updated : 2025-09-23 17:45

NVD link : CVE-2024-12078

Mitre link : CVE-2024-12078

CVE.ORG link : CVE-2024-12078

JSON object : View

Products Affected

ecovacs

  • deebot_n8
  • deebot_x2_firmware
  • deebot_t20_firmware
  • deebot_t20
  • deebot_t9
  • deebot_t10_firmware
  • deebot_t9_firmware
  • airbot_ava_firmware
  • deebot_x1
  • deebot_x1_firmware
  • deebot_n10_firmware
  • deebot_t10
  • deebot_t8_firmware
  • deebot_900
  • deebot_n10
  • goat_g1
  • deebot_n9_firmware
  • airbot_z1
  • deebot_x2
  • airbot_andy_firmware
  • deebot_n9
  • airbot_ava
  • deebot_n8_firmware
  • goat_g1_firmware
  • airbot_andy
  • airbot_z1_firmware
  • deebot_t8
  • deebot_900_firmware
CWE
CWE-321

Use of Hard-coded Cryptographic Key