← Back to CVEs
CVE-2024-52325
CRITICAL9.6
Description
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
CVE Details
CVSS v3.1 Score9.6
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorADJACENT_NETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/23/2025
Last Modified9/23/2025
Sourcenvd
Honeypot Sightings0
Affected Products
ecovacs:deebot_t30_omniecovacs:deebot_t30_omni_firmwareecovacs:deebot_t30secovacs:deebot_t30s_firmwareecovacs:deebot_x2_comboecovacs:deebot_x2_combo_firmwareecovacs:deebot_x2_omniecovacs:deebot_x2_omni_firmwareecovacs:deebot_x2secovacs:deebot_x2s_firmwareecovacs:deebot_x5_proecovacs:deebot_x5_pro_firmwareecovacs:deebot_x5_pro_plusecovacs:deebot_x5_pro_plus_firmwareecovacs:deebot_x5_pro_ultraecovacs:deebot_x5_pro_ultra_firmwareecovacs:goat_g1ecovacs:goat_g1-2000ecovacs:goat_g1-2000_firmwareecovacs:goat_g1-800ecovacs:goat_g1-800_firmwareecovacs:goat_g1_firmwareecovacs:gx-600ecovacs:gx-600_firmware
Weaknesses (CWE)
CWE-77
References
https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241119(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241130001(9119a7d8-5eab-497f-8521-727c672e3725)
https://youtu.be/_wUsM0Mlenc?t=2041(9119a7d8-5eab-497f-8521-727c672e3725)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.