Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ecovacs Subscribe
Filtered by product Airbot Z1
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-52331 1 Ecovacs 28 Airbot Andy, Airbot Andy Firmware, Airbot Ava and 25 more 2025-09-23 N/A 7.5 HIGH
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
CVE-2024-12079 1 Ecovacs 28 Airbot Andy, Airbot Andy Firmware, Airbot Ava and 25 more 2025-09-23 N/A 3.3 LOW
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
CVE-2024-12078 1 Ecovacs 28 Airbot Andy, Airbot Andy Firmware, Airbot Ava and 25 more 2025-09-23 N/A 6.3 MEDIUM
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
CVE-2024-52328 1 Ecovacs 28 Airbot Andy, Airbot Andy Firmware, Airbot Ava and 25 more 2025-09-23 N/A 2.3 LOW
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
CVE-2024-11147 1 Ecovacs 28 Airbot Andy, Airbot Andy Firmware, Airbot Ava and 25 more 2025-09-23 N/A 7.6 HIGH
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.