CVE-2024-11147

Description

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.

Affected Software
References

There are no affected software configurations available.

https://builder.dontvacuum.me/ecopassword.php
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf
https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf

CVE: CVE-2024-11147
Published: Jan 23, 2025
Updated: May 4, 2025
Exploit:

CVE-2024-11147

Description

Details