CVE-2024-52328
LOWDescription
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ecovacs | deebot_n8_firmware |
| ecovacs | deebot_n8 |
| ecovacs | deebot_900_firmware |
| ecovacs | deebot_900 |
| ecovacs | deebot_t8_firmware |
| ecovacs | deebot_t8 |
| ecovacs | deebot_n9_firmware |
| ecovacs | deebot_n9 |
| ecovacs | deebot_t9_firmware |
| ecovacs | deebot_t9 |
| ecovacs | deebot_n10_firmware |
| ecovacs | deebot_n10 |
| ecovacs | deebot_t10_firmware |
| ecovacs | deebot_t10 |
| ecovacs | deebot_x1_firmware |
| ecovacs | deebot_x1 |
| ecovacs | deebot_t20_firmware |
| ecovacs | deebot_t20 |
| ecovacs | deebot_x2_firmware |
| ecovacs | deebot_x2 |
| ecovacs | goat_g1_firmware |
| ecovacs | goat_g1 |
| ecovacs | airbot_z1_firmware |
| ecovacs | airbot_z1 |
| ecovacs | airbot_ava_firmware |
| ecovacs | airbot_ava |
| ecovacs | airbot_andy_firmware |
| ecovacs | airbot_andy |
References
Frequently Asked Questions
What is CVE-2024-52328? +
How severe is CVE-2024-52328? +
What products are affected by CVE-2024-52328? +
How do I check if I'm vulnerable to CVE-2024-52328? +
Related Vulnerabilities
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to …
NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom …
Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5.
PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a …
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions …
DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS …