GCVE - cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor	Ecovacs (`970385e2-1d45-53ea-a811-676ddc52336f`)
Product	Deebot N10 Firmware (`84a1c757-6c2a-5d36-ab04-78ba6dfcdb50`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-52331`	vulnerable	2026-06-03 14:57:29.164260	ECOVACS lawnmowers and vacuums deterministic firmware encryption key HIGH (7.5) ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. Published: 2025-01-23T16:37:31.290Z Updated: 2025-10-02T14:10:10.821Z Open on db.gcve.eu Reference links https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-52328`	vulnerable	2026-06-03 14:57:29.109025	ECOVACS lawnmowers and vacuums insecurely store audio warning files LOW (2.3) ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. Published: 2025-01-23T16:35:23.197Z Updated: 2025-02-12T20:41:29.266Z Open on db.gcve.eu Reference links https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12079`	vulnerable	2026-06-03 14:54:15.537843	ECOVACS lawnmowers cleartext storage of anti-theft PIN LOW (3.3) ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. Published: 2025-01-23T16:39:06.903Z Updated: 2025-02-12T17:12:21.831Z Open on db.gcve.eu Reference links https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12078`	vulnerable	2026-06-03 14:54:15.536408	ECOVACS lawnmowers and vacuums static BLE GATT encryption key MEDIUM (6.3) ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key. Published: 2025-01-23T16:38:48.017Z Updated: 2025-02-12T17:11:14.933Z Open on db.gcve.eu Reference links https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf https://youtu.be/_wUsM0Mlenc?t=2041	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11147`	vulnerable	2026-06-03 14:54:13.539835	ECOVACS lawnmowers and vacuums deterministic root password HIGH (7.6) ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. Published: 2025-01-23T16:37:54.479Z Updated: 2025-02-12T17:07:28.749Z Open on db.gcve.eu Reference links https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf https://builder.dontvacuum.me/ecopassword.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.