deebot_t30s_firmware

Source - NVD

CNA CVEs - 0

ADP CVEs - 0

CISA CVEs - 0

NVD CVEs - 4
4 Vulnerabilities found

CVE-2025-30198
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-2.3 | LOW
EPSS-0.02% / 4.81%
7 Day CHG ~0.00%
Published-05 Sep, 2025 | 17:45
Updated-23 Sep, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.

Action-Not Available
Vendor-ecovacs, ECOVACS
Product-deebot_t20_pro_plus_firmware, deebot_t20_omni, deebot_t10, deebot_x1_pro_omni_firmware, deebot_x1_turbo, deebot_x1_omni, deebot_t20_omni_firmware, deebot_t20_pro_plus, deebot_t30_omni, deebot_t10_firmware, deebot_x1s_pro_firmware, deebot_t30s, deebot_t30s_firmware, deebot_t10_omni, deebot_t10_turbo_firmware, deebot_t20_pro_firmware, deebot_t10_omni_firmware, deebot_x1_omni_firmware, deebot_t10_plus_firmware, deebot_x1_turbo_firmware, deebot_x1s_pro, deebot_t10_plus, deebot_t20_pro, deebot_x1_pro_omni, deebot_t30_omni_firmware, deebot_t10_turbo, DEEBOT T30 Series, DEEBOT T10 Series, DEEBOT X1 Series, DEEBOT T20 Series
CWE ID-CWE-321: Use of Hard-coded Cryptographic Key
CWE ID-CWE-798: Use of Hard-coded Credentials

CVE-2025-30199
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-7.5 | HIGH
EPSS-0.03% / 7.80%
7 Day CHG +0.01%
Published-05 Sep, 2025 | 17:45
Updated-23 Sep, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOVACS Vacuum and Base Station accept unsigned firmware

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to the base station via the insecure connection between the robot and the base station.

Action-Not Available
Vendor-ecovacs, ECOVACS
Product-deebot_t20_pro_plus_firmware, deebot_t20_omni, deebot_t10, deebot_x1_pro_omni_firmware, deebot_x1_turbo, deebot_x1_omni, deebot_t20_omni_firmware, deebot_t20_pro_plus, deebot_t30_omni, deebot_t10_firmware, deebot_x1s_pro_firmware, deebot_t30s, deebot_t30s_firmware, deebot_t10_omni, deebot_t10_turbo_firmware, deebot_t20_pro_firmware, deebot_t10_omni_firmware, deebot_x1_omni_firmware, deebot_t10_plus_firmware, deebot_x1_turbo_firmware, deebot_x1s_pro, deebot_t10_plus, deebot_t20_pro, deebot_x1_pro_omni, deebot_t30_omni_firmware, deebot_t10_turbo, DEEBOT T30 Series, DEEBOT T10 Series, DEEBOT X1 Series, DEEBOT T20 Series
CWE ID-CWE-494: Download of Code Without Integrity Check

CVE-2025-30200
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-2.3 | LOW
EPSS-0.01% / 1.91%
7 Day CHG ~0.00%
Published-05 Sep, 2025 | 17:43
Updated-23 Sep, 2025 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOVACS Vacuum and Base Station Hard-Coded AES Encryption

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.

Action-Not Available
Vendor-ecovacs, ECOVACS
Product-deebot_t20_pro_plus_firmware, deebot_t20_omni, deebot_t10, deebot_x1_pro_omni_firmware, deebot_x1_turbo, deebot_x1_omni, deebot_t20_omni_firmware, deebot_t20_pro_plus, deebot_t30_omni, deebot_t10_firmware, deebot_x1s_pro_firmware, deebot_t30s, deebot_t30s_firmware, deebot_t10_omni, deebot_t10_turbo_firmware, deebot_t20_pro_firmware, deebot_t10_omni_firmware, deebot_x1_omni_firmware, deebot_t10_plus_firmware, deebot_x1_turbo_firmware, deebot_x1s_pro, deebot_t10_plus, deebot_t20_pro, deebot_x1_pro_omni, deebot_t30_omni_firmware, deebot_t10_turbo, DEEBOT T30 Series, DEEBOT T10 Series, DEEBOT X1 Series, DEEBOT T20 Series
CWE ID-CWE-321: Use of Hard-coded Cryptographic Key
CWE ID-CWE-798: Use of Hard-coded Credentials

CVE-2024-52325
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-5.8 | MEDIUM
EPSS-1.69% / 81.86%
7 Day CHG ~0.00%
Published-23 Jan, 2025 | 15:56
Updated-23 Sep, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOVACS robot lawnmowers and vacuums command injection

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.

Action-Not Available
Vendor-ecovacs, ECOVACS
Product-gx-600_firmware, deebot_x5_pro_ultra, deebot_x5_pro_ultra_firmware, gx-600, goat_g1-2000, deebot_x5_pro_firmware, deebot_x5_pro, goat_g1, deebot_t30_omni, deebot_x5_pro_plus, deebot_x2s_firmware, goat_g1_firmware, deebot_x5_pro_plus_firmware, deebot_t30s, deebot_x2_omni, deebot_t30s_firmware, goat_g1-800, goat_g1-800_firmware, deebot_x2s, deebot_x2_combo, deebot_x2_omni_firmware, deebot_t30_omni_firmware, deebot_x2_combo_firmware, goat_g1-2000_firmware, DEEBOT X2S, DEEBOT X5 PRO PLUS, DEEBOT X5 PRO ULTRA, GOAT G1-800, DEEBOT T30S, DEEBOT T30 OMNI, GOAT G1, GOAT G1-2000, DEEBOT X5 PRO, DEEBOT X2 COMBO, GOAT GX-600, DEEBOT X2 OMNI
CWE ID-CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')