CVE-2024-52327

EUVD-2024-46256
The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
cisa-cgCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ecovacshome
𝑥
< 3.0.2
CNA
Common Weakness Enumeration
References
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf
https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf
https://www.ecovacs.com/global/userhelp/dsa20241217002