CVE-2024-11147
Severity CVSS v4.0:
HIGH
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
23/01/2025
Last modified:
23/01/2025
Description
ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
Impact
Base Score 4.0
7.00
Severity 4.0
HIGH
Base Score 3.x
7.60
Severity 3.x
HIGH