ECOVACS Vacuum and Base Station Unsigned Firmware Update Vulnerability
Vulnerability
ECOVACS DEEBOT vacuum robot base stations do not validate firmware updates. Because of this flaw, malicious over-the-air updates can be sent to a base station through its insecure connection with the robot. The vulnerability affects several models in the DEEBOT X1 and T series running versions prior to their respective latest versions.
Impact
Exploitation of this vulnerability could enable an attacker to send harmful firmware updates to the vacuum's base station, potentially leading to unauthorized code execution.
Remediation
ECOVACS has released software updates for all affected devices. Users can perform the system update to address this vulnerability. For more information, see the ECOVACS security advisory or contact ECOVACS through their website.
