CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-52325: ECOVACS robot lawnmowers and vacuums command injection
5.8
CVSS
Description
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.
Classification
CVE ID: CVE-2024-52325
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.8
Affected Products
Vendor: ECOVACS
Product: GOAT G1
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 17.97% (scored less or equal to compared to others)
EPSS Date: 2025-02-21 (when was this score calculated)
References
https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdfhttps://youtu.be/_wUsM0Mlenc?t=2041
https://www.ecovacs.com/global/userhelp/dsa20241130001
https://www.ecovacs.com/global/userhelp/dsa20241119