Braelynn Luedtke

**Name of the Vulnerable Software and Affected Versions** ECOVACS vacuum robot base stations (affected versions not specified) **Description** ECOVACS vacuum robot base stations do not validate firmware updates, allowing malicious over-the-air updates to be sent to the base station via an insecure connection between the robot and the base station. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOVACS robot vacuums and base stations (affected versions not specified) **Description** ECOVACS robot vacuums and base stations communicate over an insecure Wi-Fi network. The communication utilizes AES encryption with a deterministic key that can be easily derived. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOVACS robot vacuums and base stations (affected versions not specified) **Description** ECOVACS robot vacuums and base stations communicate over an insecure Wi-Fi network using a predictable WPA2-PSK. This allows for easy derivation of the Wi-Fi password. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOVACS lawnmowers and vacuums (affected versions not specified) **Description** The issue concerns the improper validation of TLS certificates by ECOVACS lawnmowers and vacuums. This allows an unauthenticated attacker to read or modify TLS traffic, which could potentially lead to the modification of firmware updates. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOVACS robot lawnmowers and vacuums (affected versions not specified) **Description** The issue concerns the use of a deterministic symmetric key for decrypting firmware updates in ECOVACS robots. This allows an attacker to create and encrypt malicious firmware, which can then be successfully decrypted and installed by the robot. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOVACS (affected versions not specified) **Description** The issue allows authenticated attackers to bypass the PIN entry required to access the live video feed. This affects the cloud service used by ECOVACS robot lawnmowers and vacuums. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOVACS robot lawnmowers and vacuums (affected versions not specified) **Description** The issue concerns command injection via the `SetNetPin()` function over an unauthenticated Bluetooth Low Energy (BLE) connection. This allows for potential exploitation without the need for authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOVACS HOME (affected versions not specified) **Description** The ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. This allows an unauthenticated attacker to read or modify TLS traffic and obtain authentication tokens. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Planet Fitness Workouts iOS and Android mobile apps versions prior to 9.8.12 **Description** The issue is related to the failure of the Planet Fitness Workouts iOS and Android mobile apps to properly validate TLS certificates. This allows an attacker with appropriate network access to obtain session tokens and sensitive information. **Recommendations** For versions prior to 9.8.12, update to version 9.8.12 or later to resolve the issue. As a temporary workaround, consider restricting network access to the app until the update is applied.