Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for goat_g1_firmware by ecovacs

    CVE-2024-52331 (GCVE-0-2024-52331)

    Vulnerability from nvd – Published: 2025-01-23 16:37 – Updated: 2025-10-02 14:10
    VLAI
    Title
    ECOVACS lawnmowers and vacuums deterministic firmware encryption key
    Summary
    ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    • CWE-1391 - Use of Weak Credentials
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Date Public
    2025-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52331",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:55:20.382490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:41:28.822Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2025-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1391",
                  "description": "CWE-1391 Use of Weak Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T14:10:10.821Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html"
            },
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            }
          ],
          "title": "ECOVACS lawnmowers and vacuums deterministic firmware encryption key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-52331",
        "datePublished": "2025-01-23T16:37:31.290Z",
        "dateReserved": "2024-11-08T01:06:02.405Z",
        "dateUpdated": "2025-10-02T14:10:10.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52328 (GCVE-0-2024-52328)

    Vulnerability from nvd – Published: 2025-01-23 16:35 – Updated: 2025-02-12 20:41
    VLAI
    Title
    ECOVACS lawnmowers and vacuums insecurely store audio warning files
    Summary
    ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Date Public
    2023-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52328",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:56:59.738808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:41:29.266Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2023-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T16:35:23.197Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
            },
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            }
          ],
          "title": "ECOVACS lawnmowers and vacuums insecurely store audio warning files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-52328",
        "datePublished": "2025-01-23T16:35:23.197Z",
        "dateReserved": "2024-11-08T01:06:02.404Z",
        "dateUpdated": "2025-02-12T20:41:29.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12079 (GCVE-0-2024-12079)

    Vulnerability from nvd – Published: 2025-01-23 16:39 – Updated: 2025-02-12 17:12
    VLAI
    Title
    ECOVACS lawnmowers cleartext storage of anti-theft PIN
    Summary
    ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Date Public
    2023-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12079",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:54:04.223721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:12:21.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2023-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T16:39:06.903Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            }
          ],
          "title": "ECOVACS lawnmowers cleartext storage of anti-theft PIN"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-12079",
        "datePublished": "2025-01-23T16:39:06.903Z",
        "dateReserved": "2024-12-03T00:26:02.380Z",
        "dateUpdated": "2025-02-12T17:12:21.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12078 (GCVE-0-2024-12078)

    Vulnerability from nvd – Published: 2025-01-23 16:38 – Updated: 2025-02-12 17:11
    VLAI
    Title
    ECOVACS lawnmowers and vacuums static BLE GATT encryption key
    Summary
    ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    Impacted products
    Date Public
    2023-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12078",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:54:13.718772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:11:14.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2023-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T16:38:48.017Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            },
            {
              "name": "url",
              "url": "https://youtu.be/_wUsM0Mlenc?t=2041"
            }
          ],
          "title": "ECOVACS lawnmowers and vacuums static BLE GATT encryption key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-12078",
        "datePublished": "2025-01-23T16:38:48.017Z",
        "dateReserved": "2024-12-02T23:55:12.974Z",
        "dateUpdated": "2025-02-12T17:11:14.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11147 (GCVE-0-2024-11147)

    Vulnerability from nvd – Published: 2025-01-23 16:37 – Updated: 2025-02-12 17:07
    VLAI
    Title
    ECOVACS lawnmowers and vacuums deterministic root password
    Summary
    ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Date Public
    2023-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11147",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:54:55.367221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:07:28.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2023-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T16:37:54.479Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
            },
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            },
            {
              "name": "url",
              "url": "https://builder.dontvacuum.me/ecopassword.php"
            }
          ],
          "title": "ECOVACS lawnmowers and vacuums deterministic root password"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-11147",
        "datePublished": "2025-01-23T16:37:54.479Z",
        "dateReserved": "2024-11-12T15:39:13.966Z",
        "dateUpdated": "2025-02-12T17:07:28.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52325 (GCVE-0-2024-52325)

    Vulnerability from nvd – Published: 2025-01-23 15:56 – Updated: 2025-02-12 20:41
    VLAI
    Title
    ECOVACS robot lawnmowers and vacuums command injection
    Summary
    ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ECOVACS GOAT G1 Affected: 0 , < 1.36.187 (custom)
    Unaffected: 1.36.187
    Create a notification for this product.
    ECOVACS GOAT G1-800 Affected: 0 , < 1.36.187 (custom)
    Unaffected: 1.36.187
    Create a notification for this product.
    ECOVACS DEEBOT X2S Affected: 0 , < 1.49.0 (custom)
    Unaffected: 1.49.0
    Create a notification for this product.
    ECOVACS DEEBOT X5 PRO Affected: 0 , < 1.70.0 (custom)
    Unaffected: 1.70.0
    Create a notification for this product.
    ECOVACS DEEBOT X5 PRO PLUS Affected: 0 , < 1.38.0 (custom)
    Unaffected: 1.38.0
    Create a notification for this product.
    ECOVACS DEEBOT T30 OMNI Affected: 0 , < 1.93.0 (custom)
    Unaffected: 1.93.0
    Create a notification for this product.
    ECOVACS DEEBOT T30S Affected: 0 , < 1.95.0 (custom)
    Unaffected: 1.95.0
    Create a notification for this product.
    ECOVACS GOAT G1-2000 Affected: 0 , < 1.36.187 (custom)
    Unaffected: 1.36.187
    Create a notification for this product.
    ECOVACS GOAT GX-600 Affected: 0 , < 1.2.120 (custom)
    Unaffected: 1.2.120
    Create a notification for this product.
    ECOVACS DEEBOT X2 OMNI Affected: 0 , < 1.76.6 (custom)
    Unaffected: 1.76.6
    Create a notification for this product.
    ECOVACS DEEBOT X2 COMBO Affected: 0 , < 1.81.10 (custom)
    Unaffected: 1.81.10
    Create a notification for this product.
    ECOVACS DEEBOT X5 PRO ULTRA Affected: 0 , < 1.17.0 (custom)
    Unaffected: 1.17.0
    Create a notification for this product.
    Date Public
    2024-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:11:52.931430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:41:26.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GOAT G1",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.36.187",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.36.187"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "GOAT G1-800",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.36.187",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.36.187"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X2S",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.49.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.49.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X5 PRO",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.70.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.70.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X5 PRO PLUS",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.38.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.38.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT T30 OMNI",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.93.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.93.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT T30S",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.95.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.95.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "GOAT G1-2000",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.36.187",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.36.187"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "GOAT GX-600",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.2.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.2.120"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X2  OMNI",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.76.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.76.6"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X2 COMBO",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.81.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.81.10"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X5 PRO ULTRA",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.17.0"
                }
              ]
            }
          ],
          "datePublic": "2024-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-24T15:04:12.565Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf"
            },
            {
              "name": "url",
              "url": "https://youtu.be/_wUsM0Mlenc?t=2041"
            },
            {
              "name": "url",
              "url": "https://www.ecovacs.com/global/userhelp/dsa20241130001"
            },
            {
              "name": "url",
              "url": "https://www.ecovacs.com/global/userhelp/dsa20241119"
            }
          ],
          "title": "ECOVACS robot lawnmowers and vacuums command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-52325",
        "datePublished": "2025-01-23T15:56:30.185Z",
        "dateReserved": "2024-11-08T01:06:02.404Z",
        "dateUpdated": "2025-02-12T20:41:26.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12079 (GCVE-0-2024-12079)

    Vulnerability from cvelistv5 – Published: 2025-01-23 16:39 – Updated: 2025-02-12 17:12
    VLAI
    Title
    ECOVACS lawnmowers cleartext storage of anti-theft PIN
    Summary
    ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Date Public
    2023-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12079",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:54:04.223721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:12:21.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2023-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T16:39:06.903Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            }
          ],
          "title": "ECOVACS lawnmowers cleartext storage of anti-theft PIN"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-12079",
        "datePublished": "2025-01-23T16:39:06.903Z",
        "dateReserved": "2024-12-03T00:26:02.380Z",
        "dateUpdated": "2025-02-12T17:12:21.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12078 (GCVE-0-2024-12078)

    Vulnerability from cvelistv5 – Published: 2025-01-23 16:38 – Updated: 2025-02-12 17:11
    VLAI
    Title
    ECOVACS lawnmowers and vacuums static BLE GATT encryption key
    Summary
    ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    Impacted products
    Date Public
    2023-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12078",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:54:13.718772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:11:14.933Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2023-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321 Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T16:38:48.017Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            },
            {
              "name": "url",
              "url": "https://youtu.be/_wUsM0Mlenc?t=2041"
            }
          ],
          "title": "ECOVACS lawnmowers and vacuums static BLE GATT encryption key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-12078",
        "datePublished": "2025-01-23T16:38:48.017Z",
        "dateReserved": "2024-12-02T23:55:12.974Z",
        "dateUpdated": "2025-02-12T17:11:14.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11147 (GCVE-0-2024-11147)

    Vulnerability from cvelistv5 – Published: 2025-01-23 16:37 – Updated: 2025-02-12 17:07
    VLAI
    Title
    ECOVACS lawnmowers and vacuums deterministic root password
    Summary
    ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Date Public
    2023-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11147",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:54:55.367221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:07:28.749Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2023-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "PHYSICAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T16:37:54.479Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
            },
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            },
            {
              "name": "url",
              "url": "https://builder.dontvacuum.me/ecopassword.php"
            }
          ],
          "title": "ECOVACS lawnmowers and vacuums deterministic root password"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-11147",
        "datePublished": "2025-01-23T16:37:54.479Z",
        "dateReserved": "2024-11-12T15:39:13.966Z",
        "dateUpdated": "2025-02-12T17:07:28.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52331 (GCVE-0-2024-52331)

    Vulnerability from cvelistv5 – Published: 2025-01-23 16:37 – Updated: 2025-10-02 14:10
    VLAI
    Title
    ECOVACS lawnmowers and vacuums deterministic firmware encryption key
    Summary
    ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    • CWE-1391 - Use of Weak Credentials
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Date Public
    2025-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52331",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:55:20.382490Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:41:28.822Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2025-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            },
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-1391",
                  "description": "CWE-1391 Use of Weak Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T14:10:10.821Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html"
            },
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            }
          ],
          "title": "ECOVACS lawnmowers and vacuums deterministic firmware encryption key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-52331",
        "datePublished": "2025-01-23T16:37:31.290Z",
        "dateReserved": "2024-11-08T01:06:02.405Z",
        "dateUpdated": "2025-10-02T14:10:10.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52328 (GCVE-0-2024-52328)

    Vulnerability from cvelistv5 – Published: 2025-01-23 16:35 – Updated: 2025-02-12 20:41
    VLAI
    Title
    ECOVACS lawnmowers and vacuums insecurely store audio warning files
    Summary
    ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Date Public
    2023-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52328",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:56:59.738808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:41:29.266Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Unspecified robots",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "datePublic": "2023-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T16:35:23.197Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
            },
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
            }
          ],
          "title": "ECOVACS lawnmowers and vacuums insecurely store audio warning files"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-52328",
        "datePublished": "2025-01-23T16:35:23.197Z",
        "dateReserved": "2024-11-08T01:06:02.404Z",
        "dateUpdated": "2025-02-12T20:41:29.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52325 (GCVE-0-2024-52325)

    Vulnerability from cvelistv5 – Published: 2025-01-23 15:56 – Updated: 2025-02-12 20:41
    VLAI
    Title
    ECOVACS robot lawnmowers and vacuums command injection
    Summary
    ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ECOVACS GOAT G1 Affected: 0 , < 1.36.187 (custom)
    Unaffected: 1.36.187
    Create a notification for this product.
    ECOVACS GOAT G1-800 Affected: 0 , < 1.36.187 (custom)
    Unaffected: 1.36.187
    Create a notification for this product.
    ECOVACS DEEBOT X2S Affected: 0 , < 1.49.0 (custom)
    Unaffected: 1.49.0
    Create a notification for this product.
    ECOVACS DEEBOT X5 PRO Affected: 0 , < 1.70.0 (custom)
    Unaffected: 1.70.0
    Create a notification for this product.
    ECOVACS DEEBOT X5 PRO PLUS Affected: 0 , < 1.38.0 (custom)
    Unaffected: 1.38.0
    Create a notification for this product.
    ECOVACS DEEBOT T30 OMNI Affected: 0 , < 1.93.0 (custom)
    Unaffected: 1.93.0
    Create a notification for this product.
    ECOVACS DEEBOT T30S Affected: 0 , < 1.95.0 (custom)
    Unaffected: 1.95.0
    Create a notification for this product.
    ECOVACS GOAT G1-2000 Affected: 0 , < 1.36.187 (custom)
    Unaffected: 1.36.187
    Create a notification for this product.
    ECOVACS GOAT GX-600 Affected: 0 , < 1.2.120 (custom)
    Unaffected: 1.2.120
    Create a notification for this product.
    ECOVACS DEEBOT X2 OMNI Affected: 0 , < 1.76.6 (custom)
    Unaffected: 1.76.6
    Create a notification for this product.
    ECOVACS DEEBOT X2 COMBO Affected: 0 , < 1.81.10 (custom)
    Unaffected: 1.81.10
    Create a notification for this product.
    ECOVACS DEEBOT X5 PRO ULTRA Affected: 0 , < 1.17.0 (custom)
    Unaffected: 1.17.0
    Create a notification for this product.
    Date Public
    2024-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-23T16:11:52.931430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T20:41:26.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GOAT G1",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.36.187",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.36.187"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "GOAT G1-800",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.36.187",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.36.187"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X2S",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.49.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.49.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X5 PRO",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.70.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.70.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X5 PRO PLUS",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.38.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.38.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT T30 OMNI",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.93.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.93.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT T30S",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.95.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.95.0"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "GOAT G1-2000",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.36.187",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.36.187"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "GOAT GX-600",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.2.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.2.120"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X2  OMNI",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.76.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.76.6"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X2 COMBO",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.81.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.81.10"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "DEEBOT X5 PRO ULTRA",
              "vendor": "ECOVACS",
              "versions": [
                {
                  "lessThan": "1.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.17.0"
                }
              ]
            }
          ],
          "datePublic": "2024-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-24T15:04:12.565Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "name": "url",
              "url": "https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf"
            },
            {
              "name": "url",
              "url": "https://youtu.be/_wUsM0Mlenc?t=2041"
            },
            {
              "name": "url",
              "url": "https://www.ecovacs.com/global/userhelp/dsa20241130001"
            },
            {
              "name": "url",
              "url": "https://www.ecovacs.com/global/userhelp/dsa20241119"
            }
          ],
          "title": "ECOVACS robot lawnmowers and vacuums command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-52325",
        "datePublished": "2025-01-23T15:56:30.185Z",
        "dateReserved": "2024-11-08T01:06:02.404Z",
        "dateUpdated": "2025-02-12T20:41:26.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }