CVE-2025-44251
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-15
Assigner: MITRE
Description
Description
Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ecovacs | deebot_t10 | 1.7.2 |
| ecovacs | deebot_t10 | 3.0 |
| ecovacs | deebot_t10 | 3.4.0 |
| ecovacs | deebot_t10 | 1.7.5 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Ecovacs Deebot T10 version 1.7.2 transmitting Wi-Fi credentials in cleartext during the pairing process, meaning the sensitive information is sent without encryption and could be intercepted by attackers.
How can this vulnerability impact me? :
An attacker who intercepts the cleartext Wi-Fi credentials could gain unauthorized access to your Wi-Fi network, potentially leading to further network compromise or unauthorized control of the device.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70