Details of VAR-202501-3202

ID

VAR-202501-3202

CVE

CVE-2024-52328

TITLE

plural ECOVACS Vulnerability in improper permission assignment for critical resources in the product

Trust: 0.8

sources: JVNDB: JVNDB-2024-028232

DESCRIPTION

ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on. DEEBOT N8 firmware, DEEBOT 900 firmware, DEEBOT T8 firmware etc. ECOVACS The product contains a vulnerability in improper permission assignment for critical resources.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2024-52328 // JVNDB: JVNDB-2024-028232

AFFECTED PRODUCTS

vendor:	ecovacs	model:	airbot andy	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	goat g1	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot n9	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot x2	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	airbot z1	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot n8	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot t10	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot t20	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot t8	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	airbot ava	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot n10	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot x1	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot t9	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	deebot 900	scope:	eq	version:	-	Trust: 1.0
vendor:	ecovacs	model:	airbot ava	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot t10	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot t9	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	goat g1	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot x1	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	airbot andy	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot t8	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot t20	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot n9	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot 900	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot n8	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot x2	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	airbot z1	scope:	-	version:	-	Trust: 0.8
vendor:	ecovacs	model:	deebot n10	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-028232 // NVD: CVE-2024-52328

CVSS

SEVERITY

CVSSV2

CVSSV3

9119a7d8-5eab-497f-8521-727c672e3725:	CVE-2024-52328
value:	LOW
Trust: 1.0
OTHER:	JVNDB-2024-028232
value:	LOW
Trust: 0.8

9119a7d8-5eab-497f-8521-727c672e3725:	CVE-2024-52328
baseSeverity:	LOW
baseScore:	2.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-028232
baseSeverity:	LOW
baseScore:	2.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-028232 // NVD: CVE-2024-52328

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.0
problemtype:	Improper permission assignment for critical resources (CWE-732) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-028232 // NVD: CVE-2024-52328

EXTERNAL IDS

db:	NVD	id:	CVE-2024-52328	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-028232	Trust: 0.8

sources: JVNDB: JVNDB-2024-028232 // NVD: CVE-2024-52328

REFERENCES

url:	https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf	Trust: 1.8
url:	https://dontvacuum.me/talks/hitcon2024/hitcon-cmt-2024_ecovacs.pdf	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-52328	Trust: 0.8

sources: JVNDB: JVNDB-2024-028232 // NVD: CVE-2024-52328

SOURCES

db:	JVNDB	id:	JVNDB-2024-028232
db:	NVD	id:	CVE-2024-52328

LAST UPDATE DATE

2025-10-02T23:37:01.563000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-028232	date:	2025-09-30T07:49:00
db:	NVD	id:	CVE-2024-52328	date:	2025-09-23T17:44:56.110

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-028232	date:	2025-09-30T00:00:00
db:	NVD	id:	CVE-2024-52328	date:	2025-01-23T17:15:14.133