Vulnerability Description
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ecovacs | Home | < 3.0.0 |
Related Weaknesses (CWE)
References
- https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf (Exploit, Third Party Advisory)
- https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf (Exploit, Third Party Advisory)
- https://www.ecovacs.com/global/userhelp/dsa20241217001 (Vendor Advisory)
FAQ
What is CVE-2024-52329?
CVE-2024-52329 is a vulnerability with a CVSS score of 7.4 (HIGH). ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.
How severe is CVE-2024-52329?
CVE-2024-52329 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-52329?
Check the references section above for vendor advisories and patch information. Affected products include: Ecovacs Home.