← Voltar para CVEs
CVE-2024-52325
CRITICAL9.6
Descricao
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
Detalhes CVE
Pontuacao CVSS v3.19.6
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueADJACENT_NETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/23/2025
Ultima modificacao9/23/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
ecovacs:deebot_t30_omniecovacs:deebot_t30_omni_firmwareecovacs:deebot_t30secovacs:deebot_t30s_firmwareecovacs:deebot_x2_comboecovacs:deebot_x2_combo_firmwareecovacs:deebot_x2_omniecovacs:deebot_x2_omni_firmwareecovacs:deebot_x2secovacs:deebot_x2s_firmwareecovacs:deebot_x5_proecovacs:deebot_x5_pro_firmwareecovacs:deebot_x5_pro_plusecovacs:deebot_x5_pro_plus_firmwareecovacs:deebot_x5_pro_ultraecovacs:deebot_x5_pro_ultra_firmwareecovacs:goat_g1ecovacs:goat_g1-2000ecovacs:goat_g1-2000_firmwareecovacs:goat_g1-800ecovacs:goat_g1-800_firmwareecovacs:goat_g1_firmwareecovacs:gx-600ecovacs:gx-600_firmware
Fraquezas (CWE)
CWE-77
Referencias
https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241119(9119a7d8-5eab-497f-8521-727c672e3725)
https://www.ecovacs.com/global/userhelp/dsa20241130001(9119a7d8-5eab-497f-8521-727c672e3725)
https://youtu.be/_wUsM0Mlenc?t=2041(9119a7d8-5eab-497f-8521-727c672e3725)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.