TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2024-52330

HIGH
7.4

Beschreibung

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.

CVE Details

CVSS v3.1 Bewertung7.4
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/23/2025
Zuletzt geandert9/23/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

ecovacs:deebot_t10ecovacs:deebot_t10_firmwareecovacs:deebot_t10_omniecovacs:deebot_t10_omni_firmwareecovacs:deebot_t10_plusecovacs:deebot_t10_plus_firmwareecovacs:deebot_t10_turboecovacs:deebot_t10_turbo_firmwareecovacs:deebot_x1ecovacs:deebot_x1_firmwareecovacs:deebot_x1_omniecovacs:deebot_x1_omni_firmwareecovacs:deebot_x1_plusecovacs:deebot_x1_plus_firmwareecovacs:deebot_x1_pro_omniecovacs:deebot_x1_pro_omni_firmwareecovacs:deebot_x1_turboecovacs:deebot_x1_turbo_firmwareecovacs:deebot_x1e_omniecovacs:deebot_x1e_omni_firmwareecovacs:deebot_x1s_proecovacs:deebot_x1s_pro_firmwareecovacs:deebot_x1s_pro_plusecovacs:deebot_x1s_pro_plus_firmwareecovacs:deebot_x2_comboecovacs:deebot_x2_combo_firmwareecovacs:deebot_x2_omniecovacs:deebot_x2_omni_firmwareecovacs:deebot_x2_proecovacs:deebot_x2_pro_firmwareecovacs:deebot_x2secovacs:deebot_x2s_firmwareecovacs:deebot_x5_proecovacs:deebot_x5_pro_firmwareecovacs:deebot_x5_pro_plusecovacs:deebot_x5_pro_plus_firmwareecovacs:deebot_x5_pro_ultraecovacs:deebot_x5_pro_ultra_firmwareecovacs:mate_xecovacs:mate_x_firmware

Schwachen (CWE)

CWE-295

Referenzen

https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241217001(9119a7d8-5eab-497f-8521-727c672e3725)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.