ID

VAR-202501-3454


CVE

CVE-2024-12078


TITLE

Vulnerabilities related to the use of hardcoded encryption keys in multiple ECOVACS products

Trust: 0.8

sources: JVNDB: JVNDB-2024-028217

DESCRIPTION

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. Multiple ECOVACS products, including DEEBOT N10 firmware, DEEBOT T10 firmware and DEEBOT X1 firmware, contain a vulnerability related to the use of hardcoded encryption keys. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2024-12078 // JVNDB: JVNDB-2024-028217

AFFECTED PRODUCTS

vendor: ecovacs, model: airbot andy, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot t9, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: goat g1, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot x2, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot n9, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot t20, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot t10, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot n8, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot t8, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: airbot ava, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot n10, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot x1, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: airbot z1, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot 900, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: airbot ava, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot t10, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot t9, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: goat g1, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot x1, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: airbot andy, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot t8, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot t20, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot n9, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot 900, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot n8, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot x2, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: airbot z1, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot n10, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-028217 // NVD: CVE-2024-12078

CVSS

SEVERITY

CVSSV2

CVSSV3

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2024-12078
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-028217
value: MEDIUM

Trust: 0.8

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2024-12078
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-028217
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-028217 // NVD: CVE-2024-12078

PROBLEMTYPE DATA

problemtype:CWE-321

Trust: 1.0

problemtype:Using hardcoded encryption keys (CWE-321) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028217 // NVD: CVE-2024-12078

EXTERNAL IDS

db: NVD, id: CVE-2024-12078

Trust: 2.6

db: JVNDB, id: JVNDB-2024-028217

Trust: 0.8

sources: JVNDB: JVNDB-2024-028217 // NVD: CVE-2024-12078

REFERENCES

url:https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf

Trust: 1.8

url:https://youtu.be/_wusm0mlenc?t=2041

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-12078

Trust: 0.8

sources: JVNDB: JVNDB-2024-028217 // NVD: CVE-2024-12078

SOURCES

db: JVNDB, id: JVNDB-2024-028217
db: NVD, id: CVE-2024-12078

LAST UPDATE DATE

2025-10-02T23:37:01.522000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-028217, date: 2025-09-30T07:37:00
db: NVD, id: CVE-2024-12078, date: 2025-09-23T17:45:19.900

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-028217, date: 2025-09-30T00:00:00
db: NVD, id: CVE-2024-12078, date: 2025-01-23T17:15:13.020