VAR-202501-3202
Vulnerability from variot - Updated: 2025-10-02 23:37
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. Affected products include DEEBOT N8 firmware, DEEBOT 900 firmware, DEEBOT T8 firmware, and others. The ECOVACS products contain an improper permission assignment for critical resources vulnerability. Information may be tampered with.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202501-3202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbot andy",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": "eq",
"trust": 1.0,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot ava",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "goat g1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot andy",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot t20",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n9",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot 900",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n8",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot x2",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "airbot z1",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
},
{
"model": "deebot n10",
"scope": null,
"trust": 0.8,
"vendor": "ecovacs",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"cve": "CVE-2024-52328",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"id": "CVE-2024-52328",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 2.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2024-028232",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-52328",
"trust": 1.0,
"value": "Low"
},
{
"author": "OTHER",
"id": "JVNDB-2024-028232",
"trust": 0.8,
"value": "Low"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. Affected products include DEEBOT N8 firmware, DEEBOT 900 firmware, DEEBOT T8 firmware, and others. The ECOVACS products contain an improper permission assignment for critical resources vulnerability. Information may be tampered with.",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-52328"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-52328",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-028232",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"id": "VAR-202501-3202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-10-02T23:37:01.563000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
},
{
"trust": 1.8,
"url": "https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.pdf"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-52328"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"date": "2025-01-23T17:15:14.133000",
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-30T07:49:00",
"db": "JVNDB",
"id": "JVNDB-2024-028232"
},
{
"date": "2025-09-23T17:44:56.110000",
"db": "NVD",
"id": "CVE-2024-52328"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in improper permission assignment for critical resources in multiple ECOVACS products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-028232"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.