Insecure Wi-Fi Communication in ECOVACS Robot Vacuums and Base Stations
CVE-2025-30198
2.3 LOW
What is CVE-2025-30198?
ECOVACS robot vacuums and their accompanying base stations communicate over an insecure Wi-Fi network that uses a deterministic WPA2-PSK. Because the pre-shared key is deterministic, it can be easily derived, potentially allowing unauthorized access to the device’s communication channels. This vulnerability highlights the need for improved security measures in smart home devices to prevent unauthorized control and data breaches.
Affected Version(s)
DEEBOT T10 Series *
DEEBOT T20 Series *
DEEBOT T30 Series *
CVSS V4
Score: 2.3
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dennis Giese
Braelynn Luedtke
Chris Anderson