Deebot T30 Omni Firmware

4 CVEs product

CVE-2025-30200 LOW Monitor

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived. Rated low severity (CVSS 2.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure | Affected: Deebot X1S Pro Firmware, Deebot X1 Pro Omni Firmware, Deebot X1 Omni Firmware, Deebot X1 Turbo Firmware, +9
References: NVD, GitHub
CVSS 4.0: 2.3 | EPSS: 0.0%

CVE-2025-30199 HIGH This Month

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to the base station via the insecure connection between robot and base station. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Information Disclosure | Affected: Deebot X1S Pro Firmware, Deebot X1 Pro Omni Firmware, Deebot X1 Omni Firmware, Deebot X1 Turbo Firmware, +9
References: NVD, GitHub
CVSS 4.0: 7.5 | EPSS: 0.0%

CVE-2025-30198 LOW Monitor

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived. Rated low severity (CVSS 2.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.

Information Disclosure | Affected: Deebot X1S Pro Firmware, Deebot X1 Pro Omni Firmware, Deebot X1 Omni Firmware, Deebot X1 Turbo Firmware, +9
References: NVD, GitHub
CVSS 4.0: 2.3 | EPSS: 0.0%

CVE-2024-52325 MEDIUM POC This Month

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. Rated medium severity (CVSS 5.8), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available.

Command Injection | Affected: Goat G1 2000 Firmware, Goat G1 Firmware, Goat G1 800 Firmware, Gx 600 Firmware, +8
References: NVD
CVSS 4.0: 5.8 | EPSS: 0.6%
