Description

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.

INFO

Published Date: 2025-01-23T15:56:30.185Z
Last Modified: 2025-02-12T20:41:26.651Z
Source: cisa-cg

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-52325 vulnerability.

Vendor: Ecovacs
Products:
  • Deebot T30 Omni
  • Deebot T30 Omni Firmware
  • Deebot T30s
  • Deebot T30s Firmware
  • Deebot X2 Combo
  • Deebot X2 Combo Firmware
  • Deebot X2 Omni
  • Deebot X2 Omni Firmware
  • Deebot X2s
  • Deebot X2s Firmware
  • Deebot X5 Pro
  • Deebot X5 Pro Firmware
  • Deebot X5 Pro Plus
  • Deebot X5 Pro Plus Firmware
  • Deebot X5 Pro Ultra
  • Deebot X5 Pro Ultra Firmware
  • Goat G1
  • Goat G1-2000
  • Goat G1-2000 Firmware
  • Goat G1-800
  • Goat G1-800 Firmware
  • Goat G1 Firmware
  • Gx-600
  • Gx-600 Firmware

CVSS Vulnerability Scoring System

[CVSS chart 1, metrics: Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, VS Confidentiality, VS Integrity, VS Availability, SS Confidentiality, SS Integrity, SS Availability]
[CVSS chart 2, metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact]