Sign-up

ID

VAR-202501-2625


CVE

CVE-2024-12079


TITLE

plural  ECOVACS  Vulnerability in plaintext storage of critical information in products

Trust: 0.8

sources: JVNDB: JVNDB-2024-028188

DESCRIPTION

ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability related to plaintext storage of sensitive information.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-12079 // JVNDB: JVNDB-2024-028188

AFFECTED PRODUCTS

vendor:ecovacsmodel:airbot andyscope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:goat g1scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot n9scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot x2scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:airbot z1scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot n8scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot t10scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot t20scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot t8scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:airbot avascope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot n10scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot x1scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot t9scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:deebot 900scope:eqversion: -

Trust: 1.0

vendor:ecovacsmodel:airbot avascope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot t10scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot t9scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:goat g1scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot x1scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:airbot andyscope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot t8scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot t20scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot n9scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot 900scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot n8scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot x2scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:airbot z1scope: - version: -

Trust: 0.8

vendor:ecovacsmodel:deebot n10scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-028188 // NVD: CVE-2024-12079

CVSS

SEVERITY

CVSSV2

CVSSV3

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2024-12079
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-028188
value: LOW

Trust: 0.8

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2024-12079
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-028188
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-028188 // NVD: CVE-2024-12079

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:Plaintext storage of important information (CWE-312) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028188 // NVD: CVE-2024-12079

EXTERNAL IDS

db:NVDid:CVE-2024-12079

Trust: 2.6

db:JVNDBid:JVNDB-2024-028188

Trust: 0.8

sources: JVNDB: JVNDB-2024-028188 // NVD: CVE-2024-12079

REFERENCES

url:https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-12079

Trust: 0.8

sources: JVNDB: JVNDB-2024-028188 // NVD: CVE-2024-12079

SOURCES

db:JVNDBid:JVNDB-2024-028188
db:NVDid:CVE-2024-12079

LAST UPDATE DATE

2025-10-02T23:18:01.562000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-028188date:2025-09-30T01:51:00
db:NVDid:CVE-2024-12079date:2025-09-23T17:45:43.313

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-028188date:2025-09-30T00:00:00
db:NVDid:CVE-2024-12079date:2025-01-23T17:15:13.187