ECOVACS Robot Devices Bluetooth Low Energy Message Encryption Vulnerability

Vulnerability

A vulnerability exists in ECOVACS robot lawn mowers and vacuums due to the use of a shared, static secret key for encrypting Bluetooth Low Energy (BLE) Generic Attribute Profile (GATT) messages. This flaw allows an unauthenticated attacker within BLE range to control any robot that uses the same key.

Impact

Exploitation of this vulnerability allows for unauthorized control of ECOVACS robots within Bluetooth range.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category         Score
spread           0.0
impact           0.0
exploitability   4.9
remediation      0.0
relevance        0.0
threat           0.0
urgency          2.9
incentive        0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.