CVE-2024-52325
CRITICALDescription
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
Is your site exposed to CVE-2024-52325?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ecovacs | goat_g1-2000_firmware |
| ecovacs | goat_g1-2000 |
| ecovacs | goat_g1_firmware |
| ecovacs | goat_g1 |
| ecovacs | goat_g1-800_firmware |
| ecovacs | goat_g1-800 |
| ecovacs | gx-600_firmware |
| ecovacs | gx-600 |
| ecovacs | deebot_x2_omni_firmware |
| ecovacs | deebot_x2_omni |
| ecovacs | deebot_x2_combo_firmware |
| ecovacs | deebot_x2_combo |
| ecovacs | deebot_x2s_firmware |
| ecovacs | deebot_x2s |
| ecovacs | deebot_x5_pro_firmware |
| ecovacs | deebot_x5_pro |
| ecovacs | deebot_x5_pro_plus_firmware |
| ecovacs | deebot_x5_pro_plus |
| ecovacs | deebot_x5_pro_ultra_firmware |
| ecovacs | deebot_x5_pro_ultra |
| ecovacs | deebot_t30_omni_firmware |
| ecovacs | deebot_t30_omni |
| ecovacs | deebot_t30s_firmware |
| ecovacs | deebot_t30s |
References
Frequently Asked Questions
What is CVE-2024-52325? +
How severe is CVE-2024-52325? +
What products are affected by CVE-2024-52325? +
How do I check if I'm vulnerable to CVE-2024-52325? +
Related Vulnerabilities
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments …
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the …
Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command …
Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found …
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management …
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary …