Security Advisory -Serial Port and Password Security Vulnerabilities in Deebot X2 OMNI Devices

Announcement ID SA-2026-0004

First Published 2025-11-15

Updated: 2025-11-15

Vulnerability ID CVE-2024-11147

Vulnerability Overview

The Deebot X2 OMNI is confronted with two security issues. First, the serial port remains inadequately closed, potentially allowing unauthorized external access. Second, the root password is set in a simplistic manner, making it vulnerable to being easily cracked. These vulnerabilities may result in the leakage of sensitive device information.

Vulnerability Source

CVE-2024-11147

Versions and Fixes

Firmware:

Affected Products	Patched Versions
X2 OMNI	1.81.13

Version Access

Firmware Version: Devices that support automatic updates will receive system update notifications. We have proactively pushed the update to all active users. Users can complete the fix by performing the system update.

FAQs

None.

Security Incident Response

ECOVACS is committed to ensuring the best interests of our product users. We adhere to responsible disclosure principles and address security issues through our product security management process.

To report security issues related to ECOVACS products and solutions, please contact us at: product-security@ecovacs.com.

ECOVACS will continue to monitor developments related to this vulnerability. Ongoing investigations are still in progress. If there are any changes, this advisory will be updated promptly. Please stay tuned for further updates.