CVE-2025-30199 is a high-severity ECOVACS issue affecting several DEEBOT robot and base-station product lines. CISA’s advisory says the base stations do not validate firmware updates, which means a malicious over-the-air update could be sent over the insecure connection between the robot and base station. The advisory lists fixed versions for the affected products and, in Update A, states that mitigation [truncated]
CVE-2025-30198 affects ECOVACS DEEBOT robot vacuums and base stations that communicate over a Wi‑Fi network protected by a deterministic WPA2-PSK derived from the device serial number. That weakens the local wireless trust boundary because the shared secret is not randomly provisioned. CISA’s advisory Update A states that software updates are available for all affected devices, so remediation is available [truncated]
