CVE-2024-52330

Severity: Critical (CVSS 4.0 score 9.5)
EPSS: 25.3%
Published: Jan 23, 2025
Last Modified: Jun 17, 2026

Description

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.

CVSS Details

Base Score: 9.5
Exploitability
Impact
Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability
25.3% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-295

Affected Products 40

Vendor   Product                       Version  Range
ecovacs  deebot_x2_omni_firmware       *        <1.76.6
ecovacs  deebot_x2_omni                *        any
ecovacs  deebot_x2_combo_firmware      *        <1.81.10
ecovacs  deebot_x2_combo               *        any
ecovacs  deebot_x2s_firmware           *        <1.49.0
ecovacs  deebot_x2s                    *        any
ecovacs  deebot_x5_pro_firmware        *        <1.70.0
ecovacs  deebot_x5_pro                 *        any
ecovacs  deebot_x5_pro_plus_firmware   *        <1.38.0
ecovacs  deebot_x5_pro_plus            *        any
ecovacs  deebot_x5_pro_ultra_firmware  *        <1.17.0
ecovacs  deebot_x5_pro_ultra           *        any
ecovacs  mate_x_firmware               *        <1.44.18
ecovacs  mate_x                        *        any
ecovacs  deebot_x1_omni_firmware       *        <2.4.41
ecovacs  deebot_x1_omni                *        any
ecovacs  deebot_x1_turbo_firmware      *        <2.4.41
ecovacs  deebot_x1_turbo               *        any
ecovacs  deebot_x1_pro_omni_firmware   *        <2.4.41
ecovacs  deebot_x1_pro_omni            *        any
ecovacs  deebot_x1_firmware            *        <1.7.3
ecovacs  deebot_x1                     *        any
ecovacs  deebot_x1_plus_firmware       *        <1.7.3
ecovacs  deebot_x1_plus                *        any
ecovacs  deebot_x1s_pro_firmware       *        <2.5.31
ecovacs  deebot_x1s_pro                *        any
ecovacs  deebot_x1s_pro_plus_firmware  *        <1.23.0
ecovacs  deebot_x1s_pro_plus           *        any
ecovacs  deebot_x1e_omni_firmware      *        <2.4.42
ecovacs  deebot_x1e_omni               *        any
ecovacs  deebot_t10_turbo_firmware     *        <1.10.0
ecovacs  deebot_t10_turbo              *        any
ecovacs  deebot_t10_plus_firmware      *        <1.7.5
ecovacs  deebot_t10_plus               *        any
ecovacs  deebot_t10_firmware           *        <1.7.5
ecovacs  deebot_t10                    *        any
ecovacs  deebot_t10_omni_firmware      *        <1.9.0
ecovacs  deebot_t10_omni               *        any
ecovacs  deebot_x2_pro_firmware        *        <1.76.6
ecovacs  deebot_x2_pro                 *        any

References 3

  • dontvacuum.me: https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf
    Exploit, Third Party Advisory
  • dontvacuum.me: https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf
    Exploit, Third Party Advisory
  • ecovacs.com: https://www.ecovacs.com/global/userhelp/dsa20241217001
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.