ECOVACS Robot Products Deterministic Root Password Vulnerability Allowing Unauthorized Root Access

Vulnerability

A vulnerability exists in ECOVACS robot lawnmowers and vacuums due to a deterministic root password that is derived from the model and serial number of the device. This vulnerability allows an attacker with shell access to log in as root. The issue arises because the root password can be calculated from the serial number, which is accessible on the device.

Impact

Exploitation of this vulnerability allows for unauthorized root access on the affected ECOVACS robot, enabling the attacker to execute commands with full administrative privileges.

Reproduction

To reproduce this vulnerability, first obtain the serial number of the ECOVACS robot, which can be found under the dustbin; use it without any spaces or special characters. Then, use the ECOVACS root password calculator available on dontvacuum.me to convert the serial number into the corresponding root password. Once the root password is obtained, it can be used to log in as root via shell access.
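The root cause of the advisory is a credential that is a function of public device identifiers. The Python below is an added example, not ECOVACS firmware code and not the dontvacuum.me calculator; it shows the provisioning pattern that removes the problem: a per-device root password drawn from the OS CSPRNG, stored on the device only as a salted scrypt hash, with the model and serial number playing no role in its value. The function names, the hash encoding and the sample identifiers are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Added example, not ECOVACS firmware code. It demonstrates the provisioning
# pattern that avoids the advisory's root cause: the root password must not be
# a function of public device identifiers such as model and serial number.

# scrypt parameters (hypothetical choice; 128 * r * N = 16 MiB per hash)
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
DK_LEN = 32


def generate_root_password(model: str, serial: str) -> str:
    """Return a fresh root password for one device.

    `model` and `serial` are accepted only to mirror a provisioning API that
    knows them; they are deliberately unused, so anyone who reads the serial
    off the label learns nothing about the password. The value comes from the
    OS CSPRNG (32 random bytes, about 256 bits of entropy)."""
    del model, serial  # not an input to the credential
    return secrets.token_urlsafe(32)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted scrypt hash in a simple '$'-separated encoding (hypothetical format)."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DK_LEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time comparison against a stored hash; malformed entries fail closed."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                n=int(n), r=int(r), p=int(p), dklen=DK_LEN)
    except ValueError:
        return False
    # compare_digest returns False (does not raise) when lengths differ
    return hmac.compare_digest(digest, expected)


def provision_device(model: str, serial: str) -> dict:
    """Simulate factory provisioning. The device stores only the hash; the
    plaintext is handed over once (for example to a sealed label or a vault)
    and is never written to the device in the clear."""
    password = generate_root_password(model, serial)
    return {
        "model": model,
        "serial": serial,
        "shadow_entry": hash_password(password),
        "one_time_plaintext": password,
    }


if __name__ == "__main__":
    # Constructed sample identifiers, not a real device.
    first = provision_device("EXAMPLE-MODEL", "E0123456789ABCD")
    second = provision_device("EXAMPLE-MODEL", "E0123456789ABCD")
    # Same identifiers, different credentials: nothing to derive from the label.
    print("distinct credentials:",
          first["one_time_plaintext"] != second["one_time_plaintext"])
    print("serial is not the password:",
          not verify_password("E0123456789ABCD", first["shadow_entry"]))
```

The property worth checking in a firmware review is the one the `__main__` block exercises: provisioning the same model and serial twice must yield two unrelated credentials, and the serial itself (or any string built from it) must not verify against the stored hash. A credential scheme that fails the first check is deterministic by construction, which is exactly the condition described in this advisory.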

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.