Description
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| ECOVACS | Unspecified robots | unknown |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-34389 | ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. |
References
History
Tue, 23 Sep 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ecovacs
Ecovacs airbot Andy Ecovacs airbot Andy Firmware Ecovacs airbot Ava Ecovacs airbot Ava Firmware Ecovacs airbot Z1 Ecovacs airbot Z1 Firmware Ecovacs deebot 900 Ecovacs deebot 900 Firmware Ecovacs deebot N10 Ecovacs deebot N10 Firmware Ecovacs deebot N8 Ecovacs deebot N8 Firmware Ecovacs deebot N9 Ecovacs deebot N9 Firmware Ecovacs deebot T10 Ecovacs deebot T10 Firmware Ecovacs deebot T20 Ecovacs deebot T20 Firmware Ecovacs deebot T8 Ecovacs deebot T8 Firmware Ecovacs deebot T9 Ecovacs deebot T9 Firmware Ecovacs deebot X1 Ecovacs deebot X1 Firmware Ecovacs deebot X2 Ecovacs deebot X2 Firmware Ecovacs goat G1 Ecovacs goat G1 Firmware |
|
| CPEs | cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Ecovacs
Ecovacs airbot Andy Ecovacs airbot Andy Firmware Ecovacs airbot Ava Ecovacs airbot Ava Firmware Ecovacs airbot Z1 Ecovacs airbot Z1 Firmware Ecovacs deebot 900 Ecovacs deebot 900 Firmware Ecovacs deebot N10 Ecovacs deebot N10 Firmware Ecovacs deebot N8 Ecovacs deebot N8 Firmware Ecovacs deebot N9 Ecovacs deebot N9 Firmware Ecovacs deebot T10 Ecovacs deebot T10 Firmware Ecovacs deebot T20 Ecovacs deebot T20 Firmware Ecovacs deebot T8 Ecovacs deebot T8 Firmware Ecovacs deebot T9 Ecovacs deebot T9 Firmware Ecovacs deebot X1 Ecovacs deebot X1 Firmware Ecovacs deebot X2 Ecovacs deebot X2 Firmware Ecovacs goat G1 Ecovacs goat G1 Firmware |
Wed, 12 Feb 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 23 Jan 2025 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. | |
| Title | ECOVACS lawnmowers and vacuums deterministic root password | |
| Weaknesses | CWE-798 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
Ecovacs
Subscribe
Airbot Andy
Subscribe
Airbot Andy Firmware
Subscribe
Airbot Ava
Subscribe
Airbot Ava Firmware
Subscribe
Airbot Z1
Subscribe
Airbot Z1 Firmware
Subscribe
Deebot 900
Subscribe
Deebot 900 Firmware
Subscribe
Deebot N10
Subscribe
Deebot N10 Firmware
Subscribe
Deebot N8
Subscribe
Deebot N8 Firmware
Subscribe
Deebot N9
Subscribe
Deebot N9 Firmware
Subscribe
Deebot T10
Subscribe
Deebot T10 Firmware
Subscribe
Deebot T20
Subscribe
Deebot T20 Firmware
Subscribe
Deebot T8
Subscribe
Deebot T8 Firmware
Subscribe
Deebot T9
Subscribe
Deebot T9 Firmware
Subscribe
Deebot X1
Subscribe
Deebot X1 Firmware
Subscribe
Deebot X2
Subscribe
Deebot X2 Firmware
Subscribe
Goat G1
Subscribe
Goat G1 Firmware
Subscribe
MITRE
Status: PUBLISHED
Assigner: cisa-cg
Published:
Updated: 2025-02-12T17:07:28.749Z
Reserved: 2024-11-12T15:39:13.966Z
Link: CVE-2024-11147
Vulnrichment
Updated: 2025-02-12T17:07:20.320Z
NVD
Status : Analyzed
Published: 2025-01-23T17:15:12.860
Modified: 2025-09-23T17:44:13.273
Link: CVE-2024-11147
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses