{"id":86608,"date":"2026-03-04T21:36:47","date_gmt":"2026-03-04T21:36:47","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-44251-clear-text-transmission-of-wi-fi-credentials-vulnerability-in-ecovacs-deebot-t10-1-7-2","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-44251-clear-text-transmission-of-wi-fi-credentials-vulnerability-in-ecovacs-deebot-t10-1-7-2\/","title":{"rendered":"<strong>CVE-2025-44251: Clear Text Transmission of Wi-Fi Credentials Vulnerability in Ecovacs Deebot T10 1.7.2<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>Ecovacs Deebot T10 1.7.2 has been identified as having a critical vulnerability (CVE-2025-44251), which allows for the cleartext transmission of Wi-Fi credentials during the device pairing process. This vulnerability poses significant security risks, potentially leading to compromise of systems or data leakage, affecting all users of the affected versions of the product. This report provides a detailed analysis of the vulnerability, its potential impact, and suggested mitigation strategies.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-44251<br \/>\nSeverity: High (7.5 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: Required<br \/>\nImpact: Potential system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-3101413722\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Ecovacs Deebot T10 | 1.7.2<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The vulnerability stems from the insecure transmission of Wi-Fi credentials during the pairing process. Specifically, the Ecovacs Deebot T10 1.7.2 fails to encrypt or otherwise secure these credentials, transmitting them in clear text. This exposes the credentials to potential interception by malicious actors, who can then use them to gain unauthorized access to the network, potentially leading to system compromise or data leakage.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-4087781685\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>This vulnerability might be exploited through a packet sniffing attack. A conceptual example of this attack could look something like:<\/p>\n<pre><code class=\"\" data-line=\"\"># Using airodump-ng to capture packets on a specific channel\nairodump-ng --channel &lt;channel&gt; --bssid &lt;BSSID&gt; --write capture.pcap wlan0<\/code><\/pre>\n<p>In this conceptual example, an attacker uses the airodump-ng tool to capture packets on the Wi-Fi channel where the Ecovacs Deebot is transmitting. The `&#8211;write` argument saves these packets to a file (here, `capture.pcap`), which can then be analyzed to extract the cleartext Wi-Fi credentials.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Users of Ecovacs Deebot T10 1.7.2 are strongly advised to apply the vendor patch when available. In the meantime, users may consider using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) as a temporary mitigation strategy to monitor and filter network traffic for suspicious activity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview Ecovacs Deebot T10 1.7.2 has been identified as having a critical vulnerability (CVE-2025-44251), which allows for the cleartext transmission of Wi-Fi credentials during the device pairing process. This vulnerability poses significant security risks, potentially leading to compromise of systems or data leakage, affecting all users of the affected versions of the product. This report [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-86608","post","type-post","status-publish","format-standard","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=86608"}],"version-history":[{"count":0,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86608\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=86608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=86608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=86608"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=86608"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=86608"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=86608"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=86608"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=86608"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=86608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}