Ecovacs Security Vulnerabilities (CVEs)

Track 9 security vulnerabilities affecting Ecovacs products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

1 Critical
5 High
3 Medium
CVE-2025-30198 6.3

ECOVACS robot vacuums and base stations use a predictable WPA2-PSK that can be easily derived, allowing attackers to join the local Wi-Fi network. Thi...

Sep 5, 2025
CVE-2025-30199 7.2

ECOVACS vacuum robot base stations lack firmware update validation, allowing attackers to send malicious over-the-air updates via the insecure connect...

Sep 5, 2025
CVE-2024-52329 7.4

The ECOVACS HOME mobile app plugins for specific robot vacuum models fail to properly validate TLS certificates, allowing man-in-the-middle attackers ...

Jan 23, 2025
CVE-2024-52330 7.4

ECOVACS robotic lawnmowers and vacuums fail to properly validate TLS certificates, allowing unauthenticated attackers to intercept and manipulate TLS ...

Jan 23, 2025
CVE-2024-52331 7.5

ECOVACS robot lawnmowers and vacuums use a predictable symmetric key for firmware decryption, allowing attackers to create and install malicious firmw...

Jan 23, 2025
CVE-2024-12078 6.3

ECOVACS robot lawn mowers and vacuums use a static, shared secret key to encrypt Bluetooth Low Energy (BLE) GATT messages, allowing unauthenticated at...

Jan 23, 2025
CVE-2024-52327 6.5

This vulnerability allows authenticated attackers to bypass the PIN protection on ECOVACS robot lawnmowers and vacuums, enabling unauthorized access t...

Jan 23, 2025
CVE-2024-11147 7.6

ECOVACS robot lawnmowers and vacuums have a predictable root password generated from model and serial number, allowing attackers with shell access to ...

Jan 23, 2025
CVE-2024-52325 9.6

ECOVACS robot lawnmowers and vacuums are vulnerable to unauthenticated command injection via Bluetooth Low Energy (BLE) connections. Attackers within ...

Jan 23, 2025

Why Monitor Ecovacs Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 9+ known vulnerabilities affecting Ecovacs products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Ecovacs packages in under 60 seconds. No agents required - completely agentless scanning that works across Ecovacs deployments.

Free vulnerability database: Access detailed information about every Ecovacs CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account and add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Ecovacs CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions