CVE-2024-52330 - Vulnerability Details

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Ecovacs	Deebot T10 Deebot T10 Firmware Deebot T10 Omni Deebot T10 Omni Firmware Deebot T10 Plus Deebot T10 Plus Firmware Deebot T10 Turbo Deebot T10 Turbo Firmware Deebot X1 Deebot X1 Firmware Deebot X1 Omni Deebot X1 Omni Firmware Deebot X1 Plus Deebot X1 Plus Firmware Deebot X1 Pro Omni Deebot X1 Pro Omni Firmware Deebot X1 Turbo Deebot X1 Turbo Firmware Deebot X1e Omni Deebot X1e Omni Firmware Deebot X1s Pro Deebot X1s Pro Firmware Deebot X1s Pro Plus Deebot X1s Pro Plus Firmware Deebot X2 Combo Deebot X2 Combo Firmware Deebot X2 Omni Deebot X2 Omni Firmware Deebot X2 Pro Deebot X2 Pro Firmware Deebot X2s Deebot X2s Firmware Deebot X5 Pro Deebot X5 Pro Firmware Deebot X5 Pro Plus Deebot X5 Pro Plus Firmware Deebot X5 Pro Ultra Deebot X5 Pro Ultra Firmware Mate X Mate X Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ecovacs:deebot_x2_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x2_omni:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ecovacs:deebot_x2_combo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x2_combo:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ecovacs:deebot_x2s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x2s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ecovacs:deebot_x5_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x5_pro:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ecovacs:deebot_x5_pro_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x5_pro_plus:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:ecovacs:deebot_x5_pro_ultra_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x5_pro_ultra:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:ecovacs:mate_x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:mate_x:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1_omni:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1_turbo:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:ecovacs:deebot_x1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:ecovacs:deebot_x1_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1_plus:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:ecovacs:deebot_x1s_pro_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1s_pro_plus:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:ecovacs:deebot_x1e_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1e_omni:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t10_turbo:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t10_plus:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:ecovacs:deebot_t10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t10_omni:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:ecovacs:deebot_x2_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x2_pro:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf
https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf
https://www.ecovacs.com/global/userhelp/dsa20241217001

History

Tue, 23 Sep 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ecovacs Ecovacs deebot T10 Ecovacs deebot T10 Firmware Ecovacs deebot T10 Omni Ecovacs deebot T10 Omni Firmware Ecovacs deebot T10 Plus Ecovacs deebot T10 Plus Firmware Ecovacs deebot T10 Turbo Ecovacs deebot T10 Turbo Firmware Ecovacs deebot X1 Ecovacs deebot X1 Firmware Ecovacs deebot X1 Omni Ecovacs deebot X1 Omni Firmware Ecovacs deebot X1 Plus Ecovacs deebot X1 Plus Firmware Ecovacs deebot X1 Pro Omni Ecovacs deebot X1 Pro Omni Firmware Ecovacs deebot X1 Turbo Ecovacs deebot X1 Turbo Firmware Ecovacs deebot X1e Omni Ecovacs deebot X1e Omni Firmware Ecovacs deebot X1s Pro Ecovacs deebot X1s Pro Firmware Ecovacs deebot X1s Pro Plus Ecovacs deebot X1s Pro Plus Firmware Ecovacs deebot X2 Combo Ecovacs deebot X2 Combo Firmware Ecovacs deebot X2 Omni Ecovacs deebot X2 Omni Firmware Ecovacs deebot X2 Pro Ecovacs deebot X2 Pro Firmware Ecovacs deebot X2s Ecovacs deebot X2s Firmware Ecovacs deebot X5 Pro Ecovacs deebot X5 Pro Firmware Ecovacs deebot X5 Pro Plus Ecovacs deebot X5 Pro Plus Firmware Ecovacs deebot X5 Pro Ultra Ecovacs deebot X5 Pro Ultra Firmware Ecovacs mate X Ecovacs mate X Firmware
CPEs		cpe:2.3:h:ecovacs:deebot_t10:-:::::::* cpe:2.3:h:ecovacs:deebot_t10_omni:-:::::::* cpe:2.3:h:ecovacs:deebot_t10_plus:-:::::::* cpe:2.3:h:ecovacs:deebot_t10_turbo:-:::::::* cpe:2.3:h:ecovacs:deebot_x1:-:::::::* cpe:2.3:h:ecovacs:deebot_x1_omni:-:::::::* cpe:2.3:h:ecovacs:deebot_x1_plus:-:::::::* cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:::::::* cpe:2.3:h:ecovacs:deebot_x1_turbo:-:::::::* cpe:2.3:h:ecovacs:deebot_x1e_omni:-:::::::* cpe:2.3:h:ecovacs:deebot_x1s_pro:-:::::::* cpe:2.3:h:ecovacs:deebot_x1s_pro_plus:-:::::::* cpe:2.3:h:ecovacs:deebot_x2_combo:-:::::::* cpe:2.3:h:ecovacs:deebot_x2_omni:-:::::::* cpe:2.3:h:ecovacs:deebot_x2_pro:-:::::::* cpe:2.3:h:ecovacs:deebot_x2s:-:::::::* cpe:2.3:h:ecovacs:deebot_x5_pro:-:::::::* cpe:2.3:h:ecovacs:deebot_x5_pro_plus:-:::::::* cpe:2.3:h:ecovacs:deebot_x5_pro_ultra:-:::::::* cpe:2.3:h:ecovacs:mate_x:-:::::::* cpe:2.3:o:ecovacs:deebot_t10_firmware:::::::: cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:::::::: cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:::::::: cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1_plus_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1e_omni_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1s_pro_plus_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x2_combo_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x2_omni_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x2_pro_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x2s_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x5_pro_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x5_pro_plus_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x5_pro_ultra_firmware:::::::: cpe:2.3:o:ecovacs:mate_x_firmware::::::::
Vendors & Products		Ecovacs Ecovacs deebot T10 Ecovacs deebot T10 Firmware Ecovacs deebot T10 Omni Ecovacs deebot T10 Omni Firmware Ecovacs deebot T10 Plus Ecovacs deebot T10 Plus Firmware Ecovacs deebot T10 Turbo Ecovacs deebot T10 Turbo Firmware Ecovacs deebot X1 Ecovacs deebot X1 Firmware Ecovacs deebot X1 Omni Ecovacs deebot X1 Omni Firmware Ecovacs deebot X1 Plus Ecovacs deebot X1 Plus Firmware Ecovacs deebot X1 Pro Omni Ecovacs deebot X1 Pro Omni Firmware Ecovacs deebot X1 Turbo Ecovacs deebot X1 Turbo Firmware Ecovacs deebot X1e Omni Ecovacs deebot X1e Omni Firmware Ecovacs deebot X1s Pro Ecovacs deebot X1s Pro Firmware Ecovacs deebot X1s Pro Plus Ecovacs deebot X1s Pro Plus Firmware Ecovacs deebot X2 Combo Ecovacs deebot X2 Combo Firmware Ecovacs deebot X2 Omni Ecovacs deebot X2 Omni Firmware Ecovacs deebot X2 Pro Ecovacs deebot X2 Pro Firmware Ecovacs deebot X2s Ecovacs deebot X2s Firmware Ecovacs deebot X5 Pro Ecovacs deebot X5 Pro Firmware Ecovacs deebot X5 Pro Plus Ecovacs deebot X5 Pro Plus Firmware Ecovacs deebot X5 Pro Ultra Ecovacs deebot X5 Pro Ultra Firmware Ecovacs mate X Ecovacs mate X Firmware

Wed, 12 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 23 Jan 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
Title		ECOVACS lawnmowers and vacuums do not properly validate TLS certificates
Weaknesses		CWE-295
References		https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf https://www.ecovacs.com/global/userhelp/dsa20241217001
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}` cvssV4_0 `{'score': 9.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published: 2025-01-23T16:36:50.128Z

Updated: 2025-02-12T20:41:28.969Z

Reserved: 2024-11-08T01:06:02.405Z

Link: CVE-2024-52330

Vulnrichment

Updated: 2025-02-12T20:35:32.396Z

NVD

Status : Analyzed

Published: 2025-01-23T17:15:14.427

Modified: 2025-09-23T17:48:33.127

Link: CVE-2024-52330

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object