ГлавнаяУязвимости → CVE-2024-11147
7.6высокая

CVE-2024-11147

Описание

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.

Затрагиваемое ПО
Ecovacs Deebot 900 firmwareEcovacs Deebot 900Ecovacs Deebot n8 firmwareEcovacs Deebot n8Ecovacs Deebot t8 firmwareEcovacs Deebot t8Ecovacs Deebot n9 firmwareEcovacs Deebot n9Ecovacs Deebot t9 firmwareEcovacs Deebot t9Ecovacs Deebot n10 firmwareEcovacs Deebot n10Ecovacs Deebot t10 firmwareEcovacs Deebot t10Ecovacs Deebot x1 firmwareEcovacs Deebot x1Ecovacs Deebot t20 firmwareEcovacs Deebot t20Ecovacs Deebot x2 firmwareEcovacs Deebot x2Ecovacs Goat g1 firmwareEcovacs Goat g1Ecovacs Airbot z1 firmwareEcovacs Airbot z1Ecovacs Airbot ava firmware
CVSS
Балл7.6 — высокая
ВекторCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://builder.dontvacuum.me/ecopassword.phphttps://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdfhttps://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf