← Retour aux CVEs
CVE-2024-52325
CRITICAL9.6
Description
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
Details CVE
Score CVSS v3.19.6
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie1/23/2025
Derniere modification9/23/2025
Sourcenvd
Observations honeypot0
Produits affectes
ecovacs:deebot_t30_omniecovacs:deebot_t30_omni_firmwareecovacs:deebot_t30secovacs:deebot_t30s_firmwareecovacs:deebot_x2_comboecovacs:deebot_x2_combo_firmwareecovacs:deebot_x2_omniecovacs:deebot_x2_omni_firmwareecovacs:deebot_x2secovacs:deebot_x2s_firmwareecovacs:deebot_x5_proecovacs:deebot_x5_pro_firmwareecovacs:deebot_x5_pro_plusecovacs:deebot_x5_pro_plus_firmwareecovacs:deebot_x5_pro_ultraecovacs:deebot_x5_pro_ultra_firmwareecovacs:goat_g1ecovacs:goat_g1-2000ecovacs:goat_g1-2000_firmwareecovacs:goat_g1-800ecovacs:goat_g1-800_firmwareecovacs:goat_g1_firmwareecovacs:gx-600ecovacs:gx-600_firmware
Faiblesses (CWE)
CWE-77
References
https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241119(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241130001(9119a7d8-5eab-497f-8521-727c672e3725)
https://youtu.be/_wUsM0Mlenc?t=2041(9119a7d8-5eab-497f-8521-727c672e3725)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.