Use of Hard-coded Cryptographic Key

CVE-2024-12078

Medium

5.3/10

Summary

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-321 - Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References

Advisory Timeline

Published Jan 23, 2025

Use of Hard-coded Cryptographic Key

CVE-2024-12078

Summary

CWE-321 - Use of Hard-coded Cryptographic Key

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS