WiFi Remote Code Execution Vulnerability in ECOVACS Robotics Deebot T20 Series
CVE-2024-42911
What is CVE-2024-42911?
CVE-2024-42911 is a security vulnerability found in the ECOVACS Robotics Deebot T20 series, specifically in the OMNI and T20e OMNI models prior to version 1.24.0. This vulnerability allows for remote code execution via WiFi, which poses a significant risk to organizations that utilize these robotic vacuum systems. If exploited, attackers could gain unauthorized access to the device, leading to potential manipulation of its functionalities, exposure of sensitive data, or unauthorized access to the networks to which the devices are connected.
Technical Details
The vulnerability arises from flaws in the communication protocols used by the ECOVACS Robotics Deebot T20 series that can be leveraged to execute arbitrary code remotely. Because this is a remote code execution flaw, attackers do not need physical access to the device to exploit it. Organizations that operate these robotic systems could face significant risks if their devices remain unpatched.
Potential impact of CVE-2024-42911
- Network Security Breach: The exploitation of this vulnerability could enable an attacker to access and control the network connected to the Deebot, potentially leading to unauthorized data breaches or further intrusions into organizational systems.
- Compromise of Device Functionality: With remote code execution capabilities, attackers could manipulate the operations of the Deebot, affecting its intended cleaning functions and causing disruptions in operational processes that depend on the robotic system.
- Loss of Customer Trust: If organizations using the affected devices experience publicized breaches or misuse of the systems due to this vulnerability, it could result in a significant loss of customer trust and reputation damage, affecting future business prospects.

