Security Advisory - WiFi Remote Code Execution Vulnerability in Deebot Product Series
Initial Release Date: January 13, 2025Update Date: January 13, 2025
Vulnerability Overview
A WiFi Remote Code Execution vulnerability has been identified in ECOVACS' Deebot product series. Under specific technical conditions, successful exploitation of this vulnerability could allow an attacker to remotely compromise the affected devices.
Vulnerability Source
The vulnerability information was provided by Eyüp Sabri Kayacan. We sincerely appreciate Eyüp' contribution to the security of ECOVACS products.
Versions and Fixes
| Affected Products | Patched Versions |
| T20 OMNI | 1.24.0 |
| T20e OMNI | 1.24.0 |
Version Access
Devices that support automatic updates will receive system update notifications. We have proactively pushed the update to all users. Users can complete the fix by performing the system update.
FAQs
None.
Security Incident Response
ECOVACS is committed to ensuring the best interests of our product users. We adhere to responsible disclosure principles and address security issues through our product security management process.
To report security issues related to ECOVACS products and solutions, please contact us at: product-security@ecovacs.com
ECOVACS will continue to monitor developments related to this vulnerability. Ongoing investigations are still in progress. If there are any changes, this advisory will be updated promptly. Please stay tuned for further updates.