ГлавнаяУязвимости → CVE-2025-30199
7.2высокая

CVE-2025-30199

Описание

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.

Затрагиваемое ПО
Ecovacs Deebot x1s pro firmwareEcovacs Deebot x1s proEcovacs Deebot x1 pro omni firmwareEcovacs Deebot x1 pro omniEcovacs Deebot x1 omni firmwareEcovacs Deebot x1 omniEcovacs Deebot x1 turbo firmwareEcovacs Deebot x1 turboEcovacs Deebot t10 firmwareEcovacs Deebot t10Ecovacs Deebot t10 omni firmwareEcovacs Deebot t10 omniEcovacs Deebot t10 plus firmwareEcovacs Deebot t10 plusEcovacs Deebot t10 turbo firmwareEcovacs Deebot t10 turboEcovacs Deebot t20 omni firmwareEcovacs Deebot t20 omniEcovacs Deebot t20 pro plus firmwareEcovacs Deebot t20 pro plusEcovacs Deebot t20 pro firmwareEcovacs Deebot t20 proEcovacs Deebot t30 omni firmwareEcovacs Deebot t30 omniEcovacs Deebot t30s firmware
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.jsonhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19https://www.cve.org/CVERecord?id=CVE-2025-30199