ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
                
            Metrics
Affected Vendors & Products
References
        History
                    Thu, 02 Oct 2025 14:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-327 | 
Tue, 23 Sep 2025 18:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Ecovacs Ecovacs airbot Andy Ecovacs airbot Andy Firmware Ecovacs airbot Ava Ecovacs airbot Ava Firmware Ecovacs airbot Z1 Ecovacs airbot Z1 Firmware Ecovacs deebot 900 Ecovacs deebot 900 Firmware Ecovacs deebot N10 Ecovacs deebot N10 Firmware Ecovacs deebot N8 Ecovacs deebot N8 Firmware Ecovacs deebot N9 Ecovacs deebot N9 Firmware Ecovacs deebot T10 Ecovacs deebot T10 Firmware Ecovacs deebot T20 Ecovacs deebot T20 Firmware Ecovacs deebot T8 Ecovacs deebot T8 Firmware Ecovacs deebot T9 Ecovacs deebot T9 Firmware Ecovacs deebot X1 Ecovacs deebot X1 Firmware Ecovacs deebot X2 Ecovacs deebot X2 Firmware Ecovacs goat G1 Ecovacs goat G1 Firmware | |
| CPEs | cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:* cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:* | |
| Vendors & Products | Ecovacs Ecovacs airbot Andy Ecovacs airbot Andy Firmware Ecovacs airbot Ava Ecovacs airbot Ava Firmware Ecovacs airbot Z1 Ecovacs airbot Z1 Firmware Ecovacs deebot 900 Ecovacs deebot 900 Firmware Ecovacs deebot N10 Ecovacs deebot N10 Firmware Ecovacs deebot N8 Ecovacs deebot N8 Firmware Ecovacs deebot N9 Ecovacs deebot N9 Firmware Ecovacs deebot T10 Ecovacs deebot T10 Firmware Ecovacs deebot T20 Ecovacs deebot T20 Firmware Ecovacs deebot T8 Ecovacs deebot T8 Firmware Ecovacs deebot T9 Ecovacs deebot T9 Firmware Ecovacs deebot X1 Ecovacs deebot X1 Firmware Ecovacs deebot X2 Ecovacs deebot X2 Firmware Ecovacs goat G1 Ecovacs goat G1 Firmware | 
Wed, 12 Feb 2025 21:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Thu, 23 Jan 2025 16:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. | |
| Title | ECOVACS lawnmowers and vacuums deterministic firmware encryption key | |
| Weaknesses | CWE-1391 CWE-494 | |
| References |  | |
| Metrics | cvssV3_1 
 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: cisa-cg
Published: 2025-01-23T16:37:31.290Z
Updated: 2025-10-02T14:10:10.821Z
Reserved: 2024-11-08T01:06:02.405Z
Link: CVE-2024-52331
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-02-12T20:35:29.355Z
 NVD
                        NVD
                    Status : Modified
Published: 2025-01-23T17:15:14.563
Modified: 2025-10-02T15:15:52.810
Link: CVE-2024-52331
 Redhat
                        Redhat
                    No data.