📦 Deebot T10 Firmware

ECOVACS vacuum robot base stations lack firmware update validation, allowing attackers to send malicious over-the-air updates via the insecure connection between robot and base station. This affects E...

ECOVACS robotic lawnmowers and vacuums fail to properly validate TLS certificates, allowing unauthenticated attackers to intercept and manipulate TLS traffic. This could enable firmware update tamperi...

ECOVACS robot lawnmowers and vacuums use a predictable symmetric key for firmware decryption, allowing attackers to create and install malicious firmware. This affects all ECOVACS robot models that re...

ECOVACS robot lawnmowers and vacuums have a predictable root password generated from model and serial number, allowing attackers with shell access to gain full system control. This affects all ECOVACS...

ECOVACS robot vacuums and base stations use a predictable WPA2-PSK that can be easily derived, allowing attackers to join the local Wi-Fi network. This affects all ECOVACS robot vacuum models and base...

ECOVACS robot lawn mowers and vacuums use a static, shared secret key to encrypt Bluetooth Low Energy (BLE) GATT messages, allowing unauthenticated attackers within BLE range to control any robot usin...