CVE-2024-12079

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12079
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*
History

23 Sep 2025, 17:45

Type Values Removed Values Added
CPE cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*
Summary
  • (es) Los robots cortacésped ECOVACS almacenan el PIN antirrobo en texto plano en el sistema de archivos del dispositivo. Un atacante puede robar un cortacésped, leer el PIN y restablecer el mecanismo antirrobo.
References () https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf - () https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf - Exploit, Third Party Advisory
First Time Ecovacs deebot T8 Firmware
Ecovacs deebot 900 Firmware
Ecovacs deebot N10 Firmware
Ecovacs deebot X2 Firmware
Ecovacs deebot T9
Ecovacs deebot T10
Ecovacs goat G1
Ecovacs deebot T10 Firmware
Ecovacs deebot T9 Firmware
Ecovacs deebot 900
Ecovacs airbot Z1 Firmware
Ecovacs deebot X2
Ecovacs airbot Ava Firmware
Ecovacs deebot T8
Ecovacs deebot N9
Ecovacs airbot Ava
Ecovacs airbot Andy Firmware
Ecovacs deebot X1 Firmware
Ecovacs deebot X1
Ecovacs airbot Z1
Ecovacs deebot T20
Ecovacs
Ecovacs deebot N8 Firmware
Ecovacs deebot T20 Firmware
Ecovacs deebot N10
Ecovacs airbot Andy
Ecovacs deebot N8
Ecovacs goat G1 Firmware
Ecovacs deebot N9 Firmware

23 Jan 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-23 17:15

Updated : 2025-09-23 17:45

NVD link : CVE-2024-12079

Mitre link : CVE-2024-12079

CVE.ORG link : CVE-2024-12079

JSON object : View

Products Affected

ecovacs

  • airbot_andy
  • deebot_n9_firmware
  • deebot_900_firmware
  • deebot_t20
  • deebot_x2
  • deebot_t8_firmware
  • deebot_n10
  • goat_g1
  • airbot_ava_firmware
  • deebot_t10
  • deebot_x2_firmware
  • deebot_t8
  • airbot_z1_firmware
  • airbot_andy_firmware
  • deebot_n8_firmware
  • deebot_t9
  • goat_g1_firmware
  • deebot_n8
  • deebot_t9_firmware
  • deebot_x1
  • deebot_t20_firmware
  • airbot_z1
  • deebot_n10_firmware
  • deebot_900
  • deebot_n9
  • deebot_t10_firmware
  • deebot_x1_firmware
  • airbot_ava
CWE
CWE-312

Cleartext Storage of Sensitive Information