CVE-2024-11147

7.6 HIGH

📋 TL;DR

ECOVACS robot lawnmowers and vacuums have a predictable root password generated from model and serial number, allowing attackers with shell access to gain full system control. This affects all ECOVACS robotic devices using this authentication scheme, potentially compromising home networks and device functionality.

💻 Affected Systems

Products:
  • ECOVACS robot lawnmowers
  • ECOVACS robot vacuums
Versions: All versions using deterministic root password generation
Operating Systems: Embedded Linux systems on ECOVACS devices
Default Config Vulnerable: ⚠️ Yes
Notes: Requires initial shell access via other vulnerabilities or physical access; password generation algorithm is publicly known.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover leading to network pivoting, data exfiltration, physical safety risks (lawnmowers), and persistent backdoor installation.

🟠 Likely Case

Local network compromise, device manipulation, privacy violations through camera/microphone access, and denial of service.

🟢 If Mitigated

Limited to isolated device compromise if network segmentation prevents lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires shell access first; password calculator available at provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available; ECOVACS has not released firmware updates addressing this vulnerability.

🔧 Temporary Workarounds

Change root password manually (applies to: all)

Manually set a strong, unique root password via SSH if shell access is available:

passwd root

Disable root SSH access (applies to: all)

Modify the SSH configuration to prevent root login. The pattern below rewrites the PermitRootLogin directive whether it is currently set to yes, to another value, or commented out; if the file has no PermitRootLogin line at all, add `PermitRootLogin no` to it. If the device runs Dropbear rather than OpenSSH, sshd_config does not apply and root login is disabled with Dropbear's -w option instead.

sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]]+.*/PermitRootLogin no/' /etc/ssh/sshd_config
service ssh restart

🧯 If You Can't Patch

  • Network segmentation: Isolate ECOVACS devices on a separate VLAN with strict firewall rules
  • Physical security: Restrict physical access to devices to prevent local exploitation

🔍 How to Verify

Check if Vulnerable:

Compare the device's current root password with the output of the publicly available ecopassword.php calculator for its model and serial number; if they match, the device is still using the predictable password and is vulnerable.

Check Version:

cat /etc/version || uname -a

Verify Fix Applied:

Attempt SSH root login with generated password; should fail after password change

📡 Detection & Monitoring

Log Indicators:

  • Failed SSH root login attempts
  • Successful root logins from unusual sources
  • /var/log/auth.log anomalies

Network Indicators:

  • SSH connections to device on port 22
  • Unusual outbound traffic from device

SIEM Query:

source="auth.log" AND (event="Failed password for root" OR event="Accepted password for root")
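The log indicators above can be checked without a SIEM. The following is an added example, not part of the original advisory or of any ECOVACS software: it parses OpenSSH-style auth.log lines, reports every password-based root login that succeeded (which should never occur once root SSH login is disabled or the password has been changed) and flags sources that fail the root password repeatedly. The hostname, addresses and log lines are constructed for the example.

```python
import re
from collections import Counter

# OpenSSH syslog format for password-authentication outcomes on the root account.
# Public-key logins and non-root accounts deliberately do not match.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for root "
    r"from (?P<src>\S+) port \d+"
)

def analyze_auth_log(lines, fail_threshold=3):
    """Return accepted root password logins and sources at or above the failure threshold."""
    accepted = []
    failures = Counter()
    for line in lines:
        m = SSHD_RE.match(line)
        if not m:
            continue
        if m["outcome"] == "Accepted":
            accepted.append((m["ts"], m["src"]))
        else:
            failures[m["src"]] += 1
    brute_force = {src: n for src, n in failures.items() if n >= fail_threshold}
    return {"accepted_root": accepted, "brute_force_sources": brute_force}

# Constructed sample auth.log excerpt (hostname "ecovacs", RFC 5737 test addresses).
SAMPLE_LOG = [
    "Mar 12 10:15:01 ecovacs sshd[812]: Failed password for root from 192.0.2.10 port 51022 ssh2",
    "Mar 12 10:15:03 ecovacs sshd[812]: Failed password for root from 192.0.2.10 port 51024 ssh2",
    "Mar 12 10:15:05 ecovacs sshd[812]: Failed password for root from 192.0.2.10 port 51026 ssh2",
    "Mar 12 10:15:09 ecovacs sshd[815]: Accepted password for root from 192.0.2.10 port 51030 ssh2",
    "Mar 12 10:20:44 ecovacs sshd[820]: Failed password for invalid user admin from 198.51.100.7 port 40000 ssh2",
    "Mar 12 10:21:00 ecovacs sshd[822]: Accepted publickey for root from 192.0.2.5 port 40010 ssh2: ED25519 SHA256:constructed",
]

if __name__ == "__main__":
    report = analyze_auth_log(SAMPLE_LOG)
    for ts, src in report["accepted_root"]:
        print(f"ALERT root password login accepted at {ts} from {src}")
    for src, n in report["brute_force_sources"].items():
        print(f"WARN {n} failed root password attempts from {src}")
```

Run it against a copy of the device's /var/log/auth.log (for example `analyze_auth_log(open(path).read().splitlines())`); any entry in `accepted_root` after the workaround was applied means root password login is still possible.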

🔗 References
