CVE-2024-12079
LOWDescription
ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ecovacs | deebot_900_firmware |
| ecovacs | deebot_900 |
| ecovacs | deebot_n8_firmware |
| ecovacs | deebot_n8 |
| ecovacs | deebot_t8_firmware |
| ecovacs | deebot_t8 |
| ecovacs | deebot_n9_firmware |
| ecovacs | deebot_n9 |
| ecovacs | deebot_t9_firmware |
| ecovacs | deebot_t9 |
| ecovacs | deebot_n10_firmware |
| ecovacs | deebot_n10 |
| ecovacs | deebot_t10_firmware |
| ecovacs | deebot_t10 |
| ecovacs | deebot_x1_firmware |
| ecovacs | deebot_x1 |
| ecovacs | deebot_t20_firmware |
| ecovacs | deebot_t20 |
| ecovacs | deebot_x2_firmware |
| ecovacs | deebot_x2 |
| ecovacs | goat_g1_firmware |
| ecovacs | goat_g1 |
| ecovacs | airbot_z1_firmware |
| ecovacs | airbot_z1 |
| ecovacs | airbot_ava_firmware |
| ecovacs | airbot_ava |
| ecovacs | airbot_andy_firmware |
| ecovacs | airbot_andy |
References
Frequently Asked Questions
What is CVE-2024-12079? +
How severe is CVE-2024-12079? +
What products are affected by CVE-2024-12079? +
How do I check if I'm vulnerable to CVE-2024-12079? +
Related Vulnerabilities
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token …
The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows …
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker …
next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of …
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are …
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An …