CVE-2024-52330 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.4 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cisa-cg	CNA	7.4 HIGH				CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 18%

Vendor	Product	Version
ecovacs	deebot_x2_omni_firmware	𝑥 < 1.76.6
ecovacs	deebot_x2_combo_firmware	𝑥 < 1.81.10
ecovacs	deebot_x2s_firmware	𝑥 < 1.49.0
ecovacs	deebot_x5_pro_firmware	𝑥 < 1.70.0
ecovacs	deebot_x5_pro_plus_firmware	𝑥 < 1.38.0
ecovacs	deebot_x5_pro_ultra_firmware	𝑥 < 1.17.0
ecovacs	mate_x_firmware	𝑥 < 1.44.18
ecovacs	deebot_x1_omni_firmware	𝑥 < 2.4.41
ecovacs	deebot_x1_turbo_firmware	𝑥 < 2.4.41
ecovacs	deebot_x1_pro_omni_firmware	𝑥 < 2.4.41
ecovacs	deebot_x1_firmware	𝑥 < 1.7.3
ecovacs	deebot_x1_plus_firmware	𝑥 < 1.7.3
ecovacs	deebot_x1s_pro_firmware	𝑥 < 2.5.31
ecovacs	deebot_x1s_pro_plus_firmware	𝑥 < 1.23.0
ecovacs	deebot_x1e_omni_firmware	𝑥 < 2.4.42
ecovacs	deebot_t10_turbo_firmware	𝑥 < 1.10.0
ecovacs	deebot_t10_plus_firmware	𝑥 < 1.7.5
ecovacs	deebot_t10_firmware	𝑥 < 1.7.5
ecovacs	deebot_t10_omni_firmware	𝑥 < 1.9.0
ecovacs	deebot_x2_pro_firmware	𝑥 < 1.76.6

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

References

https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf

https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf

https://www.ecovacs.com/global/userhelp/dsa20241217001