CVE-2024-12079

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12079
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*
History

23 Sep 2025, 17:45

Type Values Removed Values Added
References () https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf - () https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf - Exploit, Third Party Advisory
Summary
  • (es) Los robots cortacésped ECOVACS almacenan el PIN antirrobo en texto plano en el sistema de archivos del dispositivo. Un atacante puede robar un cortacésped, leer el PIN y restablecer el mecanismo antirrobo.
CPE cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*
First Time Ecovacs deebot T10
Ecovacs airbot Andy
Ecovacs deebot T20 Firmware
Ecovacs airbot Andy Firmware
Ecovacs deebot X2 Firmware
Ecovacs deebot N8 Firmware
Ecovacs deebot N9
Ecovacs goat G1
Ecovacs airbot Z1 Firmware
Ecovacs airbot Ava Firmware
Ecovacs airbot Z1
Ecovacs deebot 900 Firmware
Ecovacs deebot N10 Firmware
Ecovacs deebot T9 Firmware
Ecovacs deebot 900
Ecovacs deebot T9
Ecovacs deebot X1 Firmware
Ecovacs goat G1 Firmware
Ecovacs
Ecovacs deebot X1
Ecovacs deebot N8
Ecovacs airbot Ava
Ecovacs deebot T8 Firmware
Ecovacs deebot T20
Ecovacs deebot T8
Ecovacs deebot X2
Ecovacs deebot T10 Firmware
Ecovacs deebot N9 Firmware
Ecovacs deebot N10

23 Jan 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-23 17:15

Updated : 2025-09-23 17:45

NVD link : CVE-2024-12079

Mitre link : CVE-2024-12079

CVE.ORG link : CVE-2024-12079

JSON object : View

Products Affected

ecovacs

  • deebot_t8
  • deebot_t20_firmware
  • deebot_900_firmware
  • goat_g1_firmware
  • deebot_t10
  • deebot_n8
  • airbot_andy
  • deebot_t10_firmware
  • airbot_z1
  • deebot_x1
  • deebot_n8_firmware
  • deebot_n10
  • deebot_x2_firmware
  • deebot_t9
  • deebot_t8_firmware
  • deebot_n9
  • airbot_andy_firmware
  • deebot_x2
  • deebot_n10_firmware
  • goat_g1
  • deebot_t9_firmware
  • deebot_900
  • airbot_z1_firmware
  • deebot_x1_firmware
  • airbot_ava
  • deebot_t20
  • airbot_ava_firmware
  • deebot_n9_firmware
CWE
CWE-312

Cleartext Storage of Sensitive Information