CVE-2024-52330
Published: Jan 23, 2025
Modified: Feb 12, 2025
CVSS v3.1: 7.4
Description
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
| Vendor | Product | Versions |
|---|---|---|
| ECOVACS | DEEBOT X5 PRO PLUS | affected 0 - < 1.38.0; unaffected 1.38.0 |
| ECOVACS | DEEBOT X5 PRO | affected 0 - < 1.70.0; unaffected 1.70.0 |
| ECOVACS | DEEBOT X2S | affected 0 - < 1.49.0; unaffected 1.49.0 |
| ECOVACS | DEEBOT X2 OMNI | affected 0 - < 1.76.6; unaffected 1.76.6 |
| ECOVACS | DEEBOT X1 TURBO | affected 0 - < 2.4.41; unaffected 2.4.41 |
| ECOVACS | DEEBOT X1 | affected 0 - < 1.7.3; unaffected 1.7.3 |
| ECOVACS | DEEBOT X1S PRO | affected 0 - < 2.5.31; unaffected 2.5.31 |
| ECOVACS | DEEBOT X1e OMNI | affected 0 - < 2.4.42; unaffected 2.4.42 |
| ECOVACS | DEEBOT T10 PLUS | affected 0 - < 1.7.5; unaffected 1.7.5 |
| ECOVACS | DEEBOT T10 OMNI | affected 0 - < 1.9.0; unaffected 1.9.0 |
| ECOVACS | DEEBOT X5 PRO ULTRA | affected 0 - < 1.17.0; unaffected 1.17.0 |
| ECOVACS | Mate X | affected 0 - < 1.44.18; unaffected 1.44.18 |
| ECOVACS | DEEBOT X2 PRO | affected 0 - < 1.76.6; unaffected 1.76.6 |
| ECOVACS | DEEBOT X2 COMBO | affected 0 - < 1.81.10; unaffected 1.81.10 |
| ECOVACS | DEEBOT X1 OMNI | affected 0 - < 2.4.41; unaffected 2.4.41 |
| ECOVACS | DEEBOT X1 PRO OMNI | affected 0 - < 2.4.41; unaffected 2.4.41 |
| ECOVACS | DEEBOT X1 PLUS | affected 0 - < 1.7.3; unaffected 1.7.3 |
| ECOVACS | DEEBOT X1S PRO PLUS | affected 0 - < 1.23.0; unaffected 1.23.0 |
| ECOVACS | DEEBOT T10 TURBO | affected 0 - < 1.10.0; unaffected 1.10.0 |
| ECOVACS | DEEBOT T10 | affected 0 - < 1.7.5; unaffected 1.7.5 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None