Vulnerability Details CVE-2024-52331
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.0%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2024-52331
-
cpe:2.3:h:ecovacs:airbot_andy:-
-
cpe:2.3:h:ecovacs:airbot_ava:-
-
cpe:2.3:h:ecovacs:airbot_z1:-
-
cpe:2.3:h:ecovacs:deebot_900:-
-
cpe:2.3:h:ecovacs:deebot_n10:-
-
cpe:2.3:h:ecovacs:deebot_n8:-
-
cpe:2.3:h:ecovacs:deebot_n9:-
-
cpe:2.3:h:ecovacs:deebot_t10:-
-
cpe:2.3:h:ecovacs:deebot_t20:-
-
cpe:2.3:h:ecovacs:deebot_t8:-
-
cpe:2.3:h:ecovacs:deebot_t9:-
-
cpe:2.3:h:ecovacs:deebot_x1:-
-
cpe:2.3:h:ecovacs:deebot_x2:-
-
cpe:2.3:h:ecovacs:goat_g1:-
-
cpe:2.3:o:ecovacs:airbot_andy_firmware:-
-
cpe:2.3:o:ecovacs:airbot_ava_firmware:-
-
cpe:2.3:o:ecovacs:airbot_z1_firmware:-
-
cpe:2.3:o:ecovacs:deebot_900_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n10_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n8_firmware:-
-
cpe:2.3:o:ecovacs:deebot_n9_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t10_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t20_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t8_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t9_firmware:-
-
cpe:2.3:o:ecovacs:deebot_x1_firmware:-
-
cpe:2.3:o:ecovacs:deebot_x2_firmware:-
-
cpe:2.3:o:ecovacs:goat_g1_firmware:-