← Volver a CVEs
CVE-2024-52325
CRITICAL9.6
Descripcion
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
Detalles CVE
Puntuacion CVSS v3.19.6
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueADJACENT_NETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/23/2025
Ultima modificacion9/23/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
ecovacs:deebot_t30_omniecovacs:deebot_t30_omni_firmwareecovacs:deebot_t30secovacs:deebot_t30s_firmwareecovacs:deebot_x2_comboecovacs:deebot_x2_combo_firmwareecovacs:deebot_x2_omniecovacs:deebot_x2_omni_firmwareecovacs:deebot_x2secovacs:deebot_x2s_firmwareecovacs:deebot_x5_proecovacs:deebot_x5_pro_firmwareecovacs:deebot_x5_pro_plusecovacs:deebot_x5_pro_plus_firmwareecovacs:deebot_x5_pro_ultraecovacs:deebot_x5_pro_ultra_firmwareecovacs:goat_g1ecovacs:goat_g1-2000ecovacs:goat_g1-2000_firmwareecovacs:goat_g1-800ecovacs:goat_g1-800_firmwareecovacs:goat_g1_firmwareecovacs:gx-600ecovacs:gx-600_firmware
Debilidades (CWE)
CWE-77
Referencias
https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241119(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241130001(9119a7d8-5eab-497f-8521-727c672e3725)
https://youtu.be/_wUsM0Mlenc?t=2041(9119a7d8-5eab-497f-8521-727c672e3725)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.