ID

VAR-202501-2794


CVE

CVE-2024-52331


TITLE

Vulnerability related to insufficient integrity verification of downloaded code in multiple ECOVACS products

Trust: 0.8

sources: JVNDB: JVNDB-2024-028231

DESCRIPTION

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot. Multiple ECOVACS products, including DEEBOT 900 firmware, DEEBOT N8 firmware, DEEBOT T8 firmware and others, contain vulnerabilities related to insufficient integrity verification of downloaded code and the use of weak authentication credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2024-52331 // JVNDB: JVNDB-2024-028231

AFFECTED PRODUCTS

vendor: ecovacs, model: deebot t10, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot n10, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot x1, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot x2, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot n8, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot t20, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: goat g1, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: airbot ava, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: airbot z1, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot n9, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: airbot andy, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot t8, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot t9, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: deebot 900, scope: eq, version: -

Trust: 1.0

vendor: ecovacs, model: airbot ava, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot t10, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot t9, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: goat g1, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot x1, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: airbot andy, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot t8, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot t20, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot n9, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot 900, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot n8, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot x2, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: airbot z1, scope: -, version: -

Trust: 0.8

vendor: ecovacs, model: deebot n10, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-028231 // NVD: CVE-2024-52331

CVSS

SEVERITY

CVSSV2

CVSSV3

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2024-52331
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-028231
value: HIGH

Trust: 0.8

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2024-52331
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-028231
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-028231 // NVD: CVE-2024-52331

PROBLEMTYPE DATA

problemtype:CWE-1391

Trust: 1.0

problemtype:CWE-494

Trust: 1.0

problemtype:CWE-327

Trust: 1.0

problemtype: Using weak credentials (CWE-1391) [others]

Trust: 0.8

problemtype: Incomplete integrity verification of downloaded code (CWE-494) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028231 // NVD: CVE-2024-52331

EXTERNAL IDS

db: NVD, id: CVE-2024-52331

Trust: 2.6

db: JVNDB, id: JVNDB-2024-028231

Trust: 0.8

sources: JVNDB: JVNDB-2024-028231 // NVD: CVE-2024-52331

REFERENCES

url:https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf

Trust: 1.8

url:https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-52331

Trust: 0.8

sources: JVNDB: JVNDB-2024-028231 // NVD: CVE-2024-52331

SOURCES

db: JVNDB, id: JVNDB-2024-028231
db: NVD, id: CVE-2024-52331

LAST UPDATE DATE

2025-10-03T23:34:16.906000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-028231, date: 2025-09-30T07:49:00
db: NVD, id: CVE-2024-52331, date: 2025-10-02T15:15:52.810

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-028231, date: 2025-09-30T00:00:00
db: NVD, id: CVE-2024-52331, date: 2025-01-23T17:15:14.563