CVE-2024-52330 HIGH

CVE-2024-52330: ECOVACS lawnmowers and vacuums do not properly validate TLS certificates

Vendor: Ecovacs
Product: DEEBOT X5 PRO PLUS
Weakness: CWE-295
Published: January 23, 2025
Last update: February 12, 2025

CVSS base score

7.4/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.

Key dates

02 Disclosure timeline

January 23, 2025: CVE published
February 12, 2025: Record updated