CVE-2024-52325
Published: Jan 23, 2025
Modified: Feb 12, 2025
CVSS v3.1
9.6
Description
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
| Vendor | Product | Versions |
|---|---|---|
ECOVACS | GOAT G1 | affected 0 - < 1.36.187unaffected 1.36.187 |
ECOVACS | GOAT G1-800 | affected 0 - < 1.36.187unaffected 1.36.187 |
ECOVACS | DEEBOT X2S | affected 0 - < 1.49.0unaffected 1.49.0 |
ECOVACS | DEEBOT X5 PRO | affected 0 - < 1.70.0unaffected 1.70.0 |
ECOVACS | DEEBOT X5 PRO PLUS | affected 0 - < 1.38.0unaffected 1.38.0 |
ECOVACS | DEEBOT T30 OMNI | affected 0 - < 1.93.0unaffected 1.93.0 |
ECOVACS | DEEBOT T30S | affected 0 - < 1.95.0unaffected 1.95.0 |
ECOVACS | GOAT G1-2000 | affected 0 - < 1.36.187unaffected 1.36.187 |
ECOVACS | GOAT GX-600 | affected 0 - < 1.2.120unaffected 1.2.120 |
ECOVACS | DEEBOT X2 OMNI | affected 0 - < 1.76.6unaffected 1.76.6 |
ECOVACS | DEEBOT X2 COMBO | affected 0 - < 1.81.10unaffected 1.81.10 |
ECOVACS | DEEBOT X5 PRO ULTRA | affected 0 - < 1.17.0unaffected 1.17.0 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now