← Voltar para CVEs
CVE-2024-11147
HIGH7.6
Descricao
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
Detalhes CVE
Pontuacao CVSS v3.17.6
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataquePHYSICAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/23/2025
Ultima modificacao9/23/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
ecovacs:airbot_andyecovacs:airbot_andy_firmwareecovacs:airbot_avaecovacs:airbot_ava_firmwareecovacs:airbot_z1ecovacs:airbot_z1_firmwareecovacs:deebot_900ecovacs:deebot_900_firmwareecovacs:deebot_n10ecovacs:deebot_n10_firmwareecovacs:deebot_n8ecovacs:deebot_n8_firmwareecovacs:deebot_n9ecovacs:deebot_n9_firmwareecovacs:deebot_t10ecovacs:deebot_t10_firmwareecovacs:deebot_t20ecovacs:deebot_t20_firmwareecovacs:deebot_t8ecovacs:deebot_t8_firmwareecovacs:deebot_t9ecovacs:deebot_t9_firmwareecovacs:deebot_x1ecovacs:deebot_x1_firmwareecovacs:deebot_x2ecovacs:deebot_x2_firmwareecovacs:goat_g1ecovacs:goat_g1_firmware
Fraquezas (CWE)
CWE-798
Referencias
https://builder.dontvacuum.me/ecopassword.php(9119a7d8-5eab-497f-8521-727c672e3725)
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.