📦 Deebot X1 Firmware

ECOVACS robotic lawnmowers and vacuums fail to properly validate TLS certificates, allowing unauthenticated attackers to intercept and manipulate TLS traffic. This could enable firmware update tamperi...

ECOVACS robot lawnmowers and vacuums use a predictable symmetric key for firmware decryption, allowing attackers to create and install malicious firmware. This affects all ECOVACS robot models that re...

ECOVACS robot lawnmowers and vacuums have a predictable root password generated from model and serial number, allowing attackers with shell access to gain full system control. This affects all ECOVACS...

ECOVACS robot lawn mowers and vacuums use a static, shared secret key to encrypt Bluetooth Low Energy (BLE) GATT messages, allowing unauthenticated attackers within BLE range to control any robot usin...