← Retour aux CVEs
CVE-2024-12079
LOW3.3
Description
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
Details CVE
Score CVSS v3.13.3
SeveriteLOW
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie1/23/2025
Derniere modification9/23/2025
Sourcenvd
Observations honeypot0
Produits affectes
ecovacs:airbot_andyecovacs:airbot_andy_firmwareecovacs:airbot_avaecovacs:airbot_ava_firmwareecovacs:airbot_z1ecovacs:airbot_z1_firmwareecovacs:deebot_900ecovacs:deebot_900_firmwareecovacs:deebot_n10ecovacs:deebot_n10_firmwareecovacs:deebot_n8ecovacs:deebot_n8_firmwareecovacs:deebot_n9ecovacs:deebot_n9_firmwareecovacs:deebot_t10ecovacs:deebot_t10_firmwareecovacs:deebot_t20ecovacs:deebot_t20_firmwareecovacs:deebot_t8ecovacs:deebot_t8_firmwareecovacs:deebot_t9ecovacs:deebot_t9_firmwareecovacs:deebot_x1ecovacs:deebot_x1_firmwareecovacs:deebot_x2ecovacs:deebot_x2_firmwareecovacs:goat_g1ecovacs:goat_g1_firmware
Faiblesses (CWE)
CWE-312
References
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.