CVE-2025-30200

Summary

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.

Affected Software

VendorProductVersion RangeStatus
ECOVACSDEEBOT X1 Series*affected
ECOVACSDEEBOT T20 Series*affected
ECOVACSDEEBOT T10 Series*affected
ECOVACSDEEBOT T30 Series*affected

Weaknesses

  • CWE-321: CWE-321 Use of Hard-coded Cryptographic Key
  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References