CVE-2024-52330 (GCVE-0-2024-52330)
Vulnerability from cvelistv5 – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41
VLAI?
Title
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
Severity ?
7.4 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| ECOVACS | DEEBOT X5 PRO PLUS |
Unaffected:
1.38.0
Affected: 0 , < 1.38.0 (custom) |
|
| ECOVACS | DEEBOT X5 PRO |
Unaffected:
1.70.0
Affected: 0 , < 1.70.0 (custom) |
|
| ECOVACS | DEEBOT X2S |
Affected:
0 , < 1.49.0
(custom)
Unaffected: 1.49.0 |
|
| ECOVACS | DEEBOT X2 OMNI |
Unaffected:
1.76.6
Affected: 0 , < 1.76.6 (custom) |
|
| ECOVACS | DEEBOT X1 TURBO |
Affected:
0 , < 2.4.41
(custom)
Unaffected: 2.4.41 |
|
| ECOVACS | DEEBOT X1 |
Unaffected:
1.7.3
Affected: 0 , < 1.7.3 (custom) |
|
| ECOVACS | DEEBOT X1S PRO |
Unaffected:
2.5.31
Affected: 0 , < 2.5.31 (custom) |
|
| ECOVACS | DEEBOT X1e OMNI |
Unaffected:
2.4.42
Affected: 0 , < 2.4.42 (custom) |
|
| ECOVACS | DEEBOT T10 PLUS |
Unaffected:
1.7.5
Affected: 0 , < 1.7.5 (custom) |
|
| ECOVACS | DEEBOT T10 OMNI |
Affected:
0 , < 1.9.0
(custom)
Unaffected: 1.9.0 |
|
| ECOVACS | DEEBOT X5 PRO ULTRA |
Affected:
0 , < 1.17.0
(custom)
Unaffected: 1.17.0 |
|
| ECOVACS | Mate X |
Unaffected:
1.44.18
Affected: 0 , < 1.44.18 (custom) |
|
| ECOVACS | DEEBOT X2 PRO |
Unaffected:
1.76.6
Affected: 0 , < 1.76.6 (custom) |
|
| ECOVACS | DEEBOT X2 COMBO |
Affected:
0 , < 1.81.10
(custom)
Unaffected: 1.81.10 |
|
| ECOVACS | DEEBOT X1 OMNI |
Affected:
0 , < 2.4.41
(custom)
Unaffected: 2.4.41 |
|
| ECOVACS | DEEBOT X1 PRO OMNI |
Unaffected:
2.4.41
Affected: 0 , < 2.4.41 (custom) |
|
| ECOVACS | DEEBOT X1 PLUS |
Unaffected:
1.7.3
Affected: 0 , < 1.7.3 (custom) |
|
| ECOVACS | DEEBOT X1S PRO PLUS |
Unaffected:
1.23.0
Affected: 0 , < 1.23.0 (custom) |
|
| ECOVACS | DEEBOT T10 TURBO |
Unaffected:
1.10.0
Affected: 0 , < 1.10.0 (custom) |
|
| ECOVACS | DEEBOT T10 |
Affected:
0 , < 1.7.5
(custom)
Unaffected: 1.7.5 |
Date Public ?
2023-12-27 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52330",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:56:31.855219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:28.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.38.0"
},
{
"lessThan": "1.38.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.70.0"
},
{
"lessThan": "1.70.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2S",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.49.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.49.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.5.31"
},
{
"lessThan": "2.5.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1e OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.42"
},
{
"lessThan": "2.4.42",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.5"
},
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.9.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X5 PRO ULTRA",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.17.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mate X",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.44.18"
},
{
"lessThan": "1.44.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 PRO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.76.6"
},
{
"lessThan": "1.76.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X2 COMBO",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.81.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.81.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 OMNI",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "2.4.41"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PRO OMNI",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "2.4.41"
},
{
"lessThan": "2.4.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1 PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.7.3"
},
{
"lessThan": "1.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT X1S PRO PLUS",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.23.0"
},
{
"lessThan": "1.23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10 TURBO",
"vendor": "ECOVACS",
"versions": [
{
"status": "unaffected",
"version": "1.10.0"
},
{
"lessThan": "1.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DEEBOT T10",
"vendor": "ECOVACS",
"versions": [
{
"lessThan": "1.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.7.5"
}
]
}
],
"datePublic": "2023-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
},
{
"cvssV4_0": {
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:36:50.128Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
},
{
"name": "url",
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"name": "url",
"url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
}
],
"title": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-52330",
"datePublished": "2025-01-23T16:36:50.128Z",
"dateReserved": "2024-11-08T01:06:02.405Z",
"dateUpdated": "2025-02-12T20:41:28.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-52330",
"date": "2026-05-19",
"epss": "0.00664",
"percentile": "0.71423"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-52330\",\"sourceIdentifier\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"published\":\"2025-01-23T17:15:14.427\",\"lastModified\":\"2025-09-23T17:48:33.127\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.\"},{\"lang\":\"es\",\"value\":\"Las cortadoras de c\u00e9sped y las aspiradoras ECOVACS no validan correctamente los certificados TLS. Un atacante no autenticado puede leer o modificar el tr\u00e1fico TLS, posiblemente modificando las actualizaciones de firmware.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.5,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x2_omni_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.76.6\",\"matchCriteriaId\":\"DFBAD9FC-1343-4D07-99E6-9E7C3D77C694\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x2_omni:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD94283-0BC1-4C7C-A5F3-9D57E44B4C64\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x2_combo_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.81.10\",\"matchCriteriaId\":\"DAF98AFD-C399-4AB8-A637-29561F39F134\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x2_combo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C12633C-1BD2-4BF6-BF11-FC05221B93EB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x2s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.49.0\",\"matchCriteriaId\":\"969D4A03-B499-4218-BF07-22E51654AA6C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x2s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11AA1D51-EE29-4252-A739-1F1D4A3F428D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x5_pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.70.0\",\"matchCriteriaId\":\"5B819C9B-F143-4A63-825C-B1DF1DCB16B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x5_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64AB781B-CB28-4229-A74D-8CDD325EFAC3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x5_pro_plus_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.38.0\",\"matchCriteriaId\":\"0F61F40B-6031-4C32-9571-B92C3377EFB2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x5_pro_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE49BE7-59E8-4447-B78B-4FEDF4F773CD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x5_pro_ultra_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.0\",\"matchCriteriaId\":\"9C4821F3-3B7D-4035-980F-C11713C5D424\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x5_pro_ultra:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8504979A-A4F0-4A03-8816-E9AB3BD6F40B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:mate_x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.44.18\",\"matchCriteriaId\":\"0C4EC5E7-04E3-497C-ACD9-2479C48A2FC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:mate_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706F2C75-0E75-487B-BA24-EB824E6BC16B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.41\",\"matchCriteriaId\":\"8F75A470-5B86-41C6-86E2-232656AF68F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x1_omni:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E23E30-45BE-4142-8E9C-032282F3B6A6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.41\",\"matchCriteriaId\":\"0F868AC3-7B87-44E5-A7B0-F2C85DCA7E7C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x1_turbo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65F69609-1D21-461A-9457-A745194759CD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.41\",\"matchCriteriaId\":\"2B044584-55B4-4E88-99C9-9A48D9B4E908\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"003B54E0-B2FF-485A-9A55-925609EE8DF1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.3\",\"matchCriteriaId\":\"4AE87B2E-A1B1-438E-9482-E8466647050B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DA0B484-221F-4E67-927F-DBCBBC1F6448\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x1_plus_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.3\",\"matchCriteriaId\":\"7DC2AA81-5895-43EE-8B34-D8074DDD301F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x1_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5586D60-D87F-45A1-8619-F6CC12AD9731\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.5.31\",\"matchCriteriaId\":\"849A58E5-2700-49F4-BF60-C35E97689AE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"037628A9-DD54-4A4B-97A9-78142B76E91E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x1s_pro_plus_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.23.0\",\"matchCriteriaId\":\"7526B614-1962-490C-8972-2A275A471A86\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x1s_pro_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4612A790-C3CC-40AA-8E31-2C2918C6AB6C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x1e_omni_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.42\",\"matchCriteriaId\":\"67C721A5-53B6-4B15-A76C-481EF4C45147\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x1e_omni:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16705AA3-4CAE-4BF5-8084-6A6CB30A1E8C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.0\",\"matchCriteriaId\":\"454C233D-82D5-4B99-AC3A-94B1CF23F078\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_t10_turbo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DEFE0B-99F7-49DF-96E3-69B6FC1EF262\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.5\",\"matchCriteriaId\":\"79E44970-1ADF-4170-A09A-F64F02E27C64\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_t10_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CBAA124-1B4C-4E75-80E1-A747AC9183E1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_t10_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.5\",\"matchCriteriaId\":\"4CA98740-BA9B-4479-B92F-F76B1234D2FE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"318C962D-54C2-456E-A045-1332A02958E9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.9.0\",\"matchCriteriaId\":\"B843C490-26E9-4D03-8BCB-DBC462833D12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_t10_omni:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11395F70-87C2-41DD-9D9A-CFA8D0512ECE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ecovacs:deebot_x2_pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.76.6\",\"matchCriteriaId\":\"F3F737D6-74BD-47F8-88B7-045E8B280E46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:ecovacs:deebot_x2_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98FE3FD-E432-4DD7-AF87-6FBA4C4ABC45\"}]}]}],\"references\":[{\"url\":\"https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf\",\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf\",\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.ecovacs.com/global/userhelp/dsa20241217001\",\"source\":\"9119a7d8-5eab-497f-8521-727c672e3725\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-52330\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-23T16:56:31.855219Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T20:35:32.396Z\"}}], \"cna\": {\"title\": \"ECOVACS lawnmowers and vacuums do not properly validate TLS certificates\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\"}}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.5, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H\"}}], \"affected\": [{\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X5 PRO PLUS\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.38.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.38.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X5 PRO\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.70.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.70.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X2S\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.49.0\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"1.49.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X2 OMNI\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.76.6\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.76.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X1 TURBO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.4.41\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"2.4.41\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.7.3\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.7.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X1S PRO\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.5.31\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.5.31\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X1e OMNI\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.4.42\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.4.42\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT T10 PLUS\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.7.5\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.7.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT T10 OMNI\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.9.0\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"1.9.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X5 PRO ULTRA\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.17.0\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"1.17.0\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"Mate X\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.44.18\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.44.18\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X2 PRO\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.76.6\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.76.6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X2 COMBO\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.81.10\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"1.81.10\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X1 OMNI\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.4.41\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"2.4.41\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X1 PRO OMNI\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"2.4.41\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.4.41\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X1 PLUS\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.7.3\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.7.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT X1S PRO PLUS\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.23.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.23.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT T10 TURBO\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.10.0\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.10.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"ECOVACS\", \"product\": \"DEEBOT T10\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.7.5\", \"versionType\": \"custom\"}, {\"status\": \"unaffected\", \"version\": \"1.7.5\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2023-12-27T00:00:00.000Z\", \"references\": [{\"url\": \"https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf\", \"name\": \"url\"}, {\"url\": \"https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf\", \"name\": \"url\"}, {\"url\": \"https://www.ecovacs.com/global/userhelp/dsa20241217001\", \"name\": \"url\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"9119a7d8-5eab-497f-8521-727c672e3725\", \"shortName\": \"cisa-cg\", \"dateUpdated\": \"2025-01-23T16:36:50.128Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-52330\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-12T20:41:28.969Z\", \"dateReserved\": \"2024-11-08T01:06:02.405Z\", \"assignerOrgId\": \"9119a7d8-5eab-497f-8521-727c672e3725\", \"datePublished\": \"2025-01-23T16:36:50.128Z\", \"assignerShortName\": \"cisa-cg\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…