Ecovacs · Ecovacs Vacuums · CVE-2024-12078
**Name of the Vulnerable Software and Affected Versions**
ECOVACS robot lawn mowers and vacuums (affected versions not specified)
**Description**
ECOVACS robots encrypt their BLE GATT messages with a shared, static secret key. Because the key is the same across robots, an unauthenticated attacker within BLE range can control any robot that uses it.
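The following added example (not ECOVACS code and not part of the original advisory) models why a fleet-wide key gives no per-robot authentication, and how a per-device key narrows the impact. It assumes an HMAC-SHA256 tag as a stand-in for the robots' message protection, which the advisory does not describe; all keys, device IDs, command names and the `device_key` derivation are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not real ECOVACS keys or identifiers.
FLEET_KEY = b"constructed-shared-key-000000000"
MASTER_SECRET = b"constructed-provisioning-secret"  # assumed to stay off the robots
FLEET = ["robot-A", "robot-B", "robot-C"]
TAG_LEN = 32  # HMAC-SHA256 output size


def seal(key: bytes, command: bytes) -> bytes:
    """Protect a command with an HMAC tag (stand-in for the real scheme)."""
    return command + hmac.new(key, command, hashlib.sha256).digest()


def accept(key: bytes, frame: bytes) -> bool:
    """Robot-side check: accept only if the tag verifies under this robot's key."""
    if len(frame) <= TAG_LEN:
        return False
    command, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, command, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def device_key(device_id: str) -> bytes:
    """Hypothetical per-device key, derived at provisioning time."""
    label = b"ble-gatt-v1|" + device_id.encode()
    return hmac.new(MASTER_SECRET, label, hashlib.sha256).digest()


def robots_accepting(frame: bytes, keys: dict) -> list:
    """Return the IDs of every robot that would act on this frame."""
    return sorted(dev for dev, key in keys.items() if accept(key, frame))


shared_keys = {dev: FLEET_KEY for dev in FLEET}        # the design in the advisory
unique_keys = {dev: device_key(dev) for dev in FLEET}  # assumed alternative design

if __name__ == "__main__":
    cmd = b"START_CLEANING"  # constructed command name
    # One key for the fleet: a frame valid for one robot is valid for all.
    print("shared key :", robots_accepting(seal(FLEET_KEY, cmd), shared_keys))
    # Per-device keys: the same frame is only valid for the robot it was made for.
    print("per-device :", robots_accepting(seal(unique_keys["robot-A"], cmd), unique_keys))
```

Per-device keys only limit how far one known key reaches; authenticated pairing and replay protection are separate requirements that this model does not cover.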
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.