CVE-2024-52328

Exploit

EPSS 0.21%
Veröffentlicht 23.01.2025 17:15:14
Zuletzt bearbeitet 23.09.2025 17:44:56
Quelle 9119a7d8-5eab-497f-8521-727c67
CVE-Watchlists
Login
Unerledigt
Login

ECOVACS lawnmowers and vacuums insecurely store audio warning files

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 14 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ecovacs ≫ Deebot N8 Firmware Version-

Ecovacs ≫ Deebot N8 Version-

Ecovacs ≫ Deebot 900 Firmware Version-

Ecovacs ≫ Deebot 900 Version-

Ecovacs ≫ Deebot T8 Firmware Version-

Ecovacs ≫ Deebot T8 Version-

Ecovacs ≫ Deebot N9 Firmware Version-

Ecovacs ≫ Deebot N9 Version-

Ecovacs ≫ Deebot T9 Firmware Version-

Ecovacs ≫ Deebot T9 Version-

Ecovacs ≫ Deebot N10 Firmware Version-

Ecovacs ≫ Deebot N10 Version-

Ecovacs ≫ Deebot T10 Firmware Version-

Ecovacs ≫ Deebot T10 Version-

Ecovacs ≫ Deebot X1 Firmware Version-

Ecovacs ≫ Deebot X1 Version-

Ecovacs ≫ Deebot T20 Firmware Version-

Ecovacs ≫ Deebot T20 Version-

Ecovacs ≫ Deebot X2 Firmware Version-

Ecovacs ≫ Deebot X2 Version-

Ecovacs ≫ Goat G1 Firmware Version-

Ecovacs ≫ Goat G1 Version-

Ecovacs ≫ Airbot Z1 Firmware Version-

Ecovacs ≫ Airbot Z1 Version-

Ecovacs ≫ Airbot Ava Firmware Version-

Ecovacs ≫ Airbot Ava Version-

Ecovacs ≫ Airbot Andy Firmware Version-

Ecovacs ≫ Airbot Andy Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.11

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
9119a7d8-5eab-497f-8521-727c672e3725	1.8	0	0	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
9119a7d8-5eab-497f-8521-727c672e3725	2.3	0.8	1.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf

Third Party Advisory

Exploit

https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-52328

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-52328

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-52328

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-52328