ECOVACS Robot Lawnmowers Cleartext Anti-Theft PIN Storage Vulnerability

Vulnerability

A vulnerability exists in ECOVACS robot lawnmowers due to the anti-theft PIN being stored in cleartext on the device's filesystem. This allows an attacker to read the PIN, reset the anti-theft mechanism, and potentially steal the lawnmower.

Impact

Exploitation of this vulnerability allows for the theft of the lawnmower by resetting the anti-theft mechanism, which is designed to prevent theft.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ECOVACS Robot Lawnmowers Cleartext Anti-Theft PIN Storage Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating