Vulnerability Details CVE-2024-52328
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.9%
CVSS Severity
CVSS v3 Score 2.3
References
Products affected by CVE-2024-52328
-
cpe:2.3:h:ecovacs:airbot_andy:-
-
cpe:2.3:h:ecovacs:airbot_ava:-
-
cpe:2.3:h:ecovacs:airbot_z1:-
-
cpe:2.3:h:ecovacs:deebot_900:-
-
cpe:2.3:h:ecovacs:deebot_n10:-
-
cpe:2.3:h:ecovacs:deebot_n8:-
-
cpe:2.3:h:ecovacs:deebot_n9:-
-
cpe:2.3:h:ecovacs:deebot_t10:-
-
cpe:2.3:h:ecovacs:deebot_t20:-
-
cpe:2.3:h:ecovacs:deebot_t8:-
-
cpe:2.3:h:ecovacs:deebot_t9:-
-
cpe:2.3:h:ecovacs:deebot_x1:-
-
cpe:2.3:h:ecovacs:deebot_x2:-
-
cpe:2.3:h:ecovacs:goat_g1:-
-
cpe:2.3:o:ecovacs:airbot_andy_firmware:-
-
cpe:2.3:o:ecovacs:airbot_ava_firmware:-
-
cpe:2.3:o:ecovacs:airbot_z1_firmware:-
-
cpe:2.3:o:ecovacs:deebot_900_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n10_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n8_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n9_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t10_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t20_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t8_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t9_firmware:-
-
cpe:2.3:o:ecovacs:deebot_x1_firmware:-
-
cpe:2.3:o:ecovacs:deebot_x2_firmware:-
-
cpe:2.3:o:ecovacs:goat_g1_firmware:-