CVE-2024-52329

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cisa-cgCNA
7.4 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Common Weakness Enumeration
References
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf
https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf
https://www.ecovacs.com/global/userhelp/dsa20241217001