CVE-2025-30198 – ECOVACS robot vacuums and base stations use a p... (How to Fix)

Q: What is the severity of CVE-2025-30198?

CVE-2025-30198 has a CVSS score of 6.3 (MEDIUM). ECOVACS robot vacuums and base stations use a predictable WPA2-PSK that can be easily derived, allowing attackers to join the local Wi-Fi network. This affects all ECOVACS robot vacuum models and base stations using this insecure communication method. Attackers can potentially intercept or manipulate device communications.

📋 TL;DR

ECOVACS robot vacuums and base stations use a predictable WPA2-PSK that can be easily derived, allowing attackers to join the local Wi-Fi network. This affects all ECOVACS robot vacuum models and base stations using this insecure communication method. Attackers can potentially intercept or manipulate device communications.

💻 Affected Systems

Products:

ECOVACS robot vacuums
ECOVACS base stations

Versions: All versions using insecure Wi-Fi communication

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable due to deterministic WPA2-PSK generation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full network access, intercept sensitive data, manipulate vacuum operations, or use the device as a pivot point to attack other network devices.

🟠

Likely Case

Attackers monitor device communications, potentially accessing Wi-Fi credentials or other transmitted data, but limited to local network proximity.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to the isolated IoT network with no access to critical systems.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Attack requires physical proximity to derive WPA2-PSK and join network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19

Restart Required: No

Instructions:

No official patch available. Follow workarounds and mitigation steps.

🔧 Temporary Workarounds

Network Segmentation

all

Place ECOVACS devices on isolated IoT network VLAN

Physical Security

all

Restrict physical access to devices to prevent PSK derivation

🧯 If You Can't Patch

Disconnect devices from network when not in use
Monitor network for unauthorized devices joining Wi-Fi

🔍 How to Verify

Check if Vulnerable:

Check if ECOVACS device uses default Wi-Fi with predictable PSK

Check Version:

Check device firmware via ECOVACS app

Verify Fix Applied:

Verify device is on isolated network and monitor for unauthorized connections

📡 Detection & Monitoring

Log Indicators:

Unauthorized MAC addresses on Wi-Fi network
Unexpected device connections

Network Indicators:

Unusual traffic patterns from IoT devices
New devices on Wi-Fi network

SIEM Query:

source="wifi-controller" AND (event="new-device" OR event="unauthorized-connection")

📊 Metadata

CVE ID: CVE-2025-30198

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-321

EPSS Score: 0.02% exploit probability (4.8th percentile)

Published: September 5, 2025

Last Updated: September 23, 2025

🔗 References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-30198 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-30198, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Deebot T10 Firmware by Ecovacs

Deebot T10 Omni Firmware by Ecovacs

Deebot T10 Plus Firmware by Ecovacs

Deebot T10 Turbo Firmware by Ecovacs

Deebot T20 Omni Firmware by Ecovacs

Deebot T20 Pro Firmware by Ecovacs

Deebot T20 Pro Plus Firmware by Ecovacs

Deebot T30 Omni Firmware by Ecovacs

Deebot T30s Firmware by Ecovacs

Deebot X1 Omni Firmware by Ecovacs

Deebot X1 Pro Omni Firmware by Ecovacs

Deebot X1 Turbo Firmware by Ecovacs

Deebot X1s Pro Firmware by Ecovacs

Deebot X1s Pro Firmware by Ecovacs

Deebot X1s Pro Firmware by Ecovacs

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Physical Security

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities