Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ecovacs Subscribe
Filtered by product Deebot T10 Plus
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-52330 1 Ecovacs 40 Deebot T10, Deebot T10 Firmware, Deebot T10 Omni and 37 more 2025-09-23 N/A 7.4 HIGH
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
CVE-2025-30200 1 Ecovacs 26 Deebot T10, Deebot T10 Firmware, Deebot T10 Omni and 23 more 2025-09-23 N/A 6.3 MEDIUM
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
CVE-2025-30199 1 Ecovacs 26 Deebot T10, Deebot T10 Firmware, Deebot T10 Omni and 23 more 2025-09-23 N/A 7.2 HIGH
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
CVE-2025-30198 1 Ecovacs 26 Deebot T10, Deebot T10 Firmware, Deebot T10 Omni and 23 more 2025-09-23 N/A 6.3 MEDIUM
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.