← Zuruck zu CVEs
CVE-2024-52325
CRITICAL9.6
Beschreibung
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
CVE Details
CVSS v3.1 Bewertung9.6
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/23/2025
Zuletzt geandert9/23/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
ecovacs:deebot_t30_omniecovacs:deebot_t30_omni_firmwareecovacs:deebot_t30secovacs:deebot_t30s_firmwareecovacs:deebot_x2_comboecovacs:deebot_x2_combo_firmwareecovacs:deebot_x2_omniecovacs:deebot_x2_omni_firmwareecovacs:deebot_x2secovacs:deebot_x2s_firmwareecovacs:deebot_x5_proecovacs:deebot_x5_pro_firmwareecovacs:deebot_x5_pro_plusecovacs:deebot_x5_pro_plus_firmwareecovacs:deebot_x5_pro_ultraecovacs:deebot_x5_pro_ultra_firmwareecovacs:goat_g1ecovacs:goat_g1-2000ecovacs:goat_g1-2000_firmwareecovacs:goat_g1-800ecovacs:goat_g1-800_firmwareecovacs:goat_g1_firmwareecovacs:gx-600ecovacs:gx-600_firmware
Schwachen (CWE)
CWE-77
Referenzen
https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241119(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241130001(9119a7d8-5eab-497f-8521-727c672e3725)
https://youtu.be/_wUsM0Mlenc?t=2041(9119a7d8-5eab-497f-8521-727c672e3725)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.