Cyber Posture

CVE-2024-52329

Severity: High · Public PoC

Published: 23 January 2025
Modified: 23 September 2025
CVSS Score: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0067 (71.5th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

The ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates (CWE-295). An unauthenticated attacker positioned on the network path between the app and its backend can read or modify the plugin's TLS traffic, potentially obtaining authentication tokens.

Security Summary

CVE-2024-52329 is a vulnerability in the ECOVACS HOME mobile app plugins for specific robots: the plugins do not properly validate the server's TLS certificate (CWE-295), so a certificate presented by an on-path attacker is accepted as if it belonged to the legitimate backend. Published on 2025-01-23, it carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N): high confidentiality and integrity impact, no availability impact.

No authentication or user interaction is needed, but the attack complexity is rated high because the attacker must first get between the app and the backend (for example as the gateway of the network the phone is on). Once positioned, the attacker can terminate the TLS session with a certificate of their own, read the plaintext and alter it before forwarding, which exposes any authentication tokens the plugin sends; a stolen token can then be replayed against the backend to act as the user.
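As an added example (not code from ECOVACS, the ECOVACS HOME app or the cited advisories, whose plugin code is not on this page), the following shows the client-side TLS configuration pattern behind CWE-295 in Python's ssl module, its hardened counterpart, an audit helper that flags the weak settings, and SPKI pinning as the additional check that defeats a forged certificate even when it chains to a trusted CA. The sample certificate is constructed (correct X.509 DER layout, dummy field contents); the pin set and where the pin check is placed are assumptions.

```python
"""Added example, not vendor code: CWE-295 client pattern vs. hardened TLS client."""
import hashlib
import ssl


def make_insecure_context():
    """Hypothetical reconstruction of the vulnerable pattern (not the vendor's code):
    every certificate is accepted for every hostname, so an on-path attacker can
    terminate TLS with a self-signed certificate and read or rewrite the traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # CWE-295: chain and hostname unchecked
    return ctx


def make_hardened_context():
    """Proper validation: system trust store, chain check, hostname match, no legacy TLS."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the findings a code review or a runtime hook would flag on a context."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode=CERT_NONE: peer certificate never validated (CWE-295)")
    if not ctx.check_hostname:
        findings.append("check_hostname=False: certificate not matched to server name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2: legacy protocol versions allowed")
    return findings


# --- SPKI pinning: minimal DER walk to reach subjectPublicKeyInfo ---------------

def _read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, value, whole_tlv, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:                               # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start, end = pos + hdr, pos + hdr + length
    return tag, buf[start:end], buf[pos:end], end


def _children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, value, tlv, pos = _read_tlv(body, pos)
        out.append((tag, value, tlv))
    return out


def extract_spki(der_cert):
    """Return the raw SubjectPublicKeyInfo TLV of a DER-encoded X.509 certificate."""
    _, cert_body, _, _ = _read_tlv(der_cert, 0)       # Certificate SEQUENCE
    tbs = _children(cert_body)[0]                      # tbsCertificate
    fields = _children(tbs[1])
    if fields[0][0] == 0xA0:                           # optional [0] EXPLICIT version
        fields = fields[1:]
    return fields[5][2]                                # serial, sigAlg, issuer, validity, subject, SPKI


def spki_sha256(der_cert):
    return hashlib.sha256(extract_spki(der_cert)).digest()


def verify_peer_pin(tls_sock, pins):
    """Call right after wrap_socket() and before sending any token. The pin set is
    assumed to ship with the app (with a backup pin so keys can be rotated)."""
    if spki_sha256(tls_sock.getpeercert(binary_form=True)) not in pins:
        raise ssl.SSLError("SPKI pin mismatch: possible adversary-in-the-middle")


# --- Constructed sample: correct X.509 DER layout, dummy contents (not a real cert)

def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


SAMPLE_SPKI_TLV = _tlv(0x30,
    _tlv(0x30, b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")   # rsaEncryption OID
    + _tlv(0x03, b"\x00" + b"\x42" * 140))                          # dummy key bits
SAMPLE_CERT_DER = _tlv(0x30,
    _tlv(0x30,                                                      # tbsCertificate
         _tlv(0xA0, _tlv(0x02, b"\x02"))                            # version v3
         + _tlv(0x02, b"\x01\x23")                                  # serialNumber
         + _tlv(0x30, b"\x06\x01\x00")                              # signature (dummy)
         + _tlv(0x30, b"\x31\x00")                                  # issuer (dummy)
         + _tlv(0x30, b"\x17\x00\x17\x00")                          # validity (dummy)
         + _tlv(0x30, b"\x31\x00")                                  # subject (dummy)
         + SAMPLE_SPKI_TLV)
    + _tlv(0x30, b"\x06\x01\x00")                                   # signatureAlgorithm
    + _tlv(0x03, b"\x00sig"))                                       # signatureValue

if __name__ == "__main__":
    print("insecure:", audit_context(make_insecure_context()))
    print("hardened:", audit_context(make_hardened_context()))
    print("sample pin:", spki_sha256(SAMPLE_CERT_DER).hex())
```

The audit catches the CWE-295 configuration statically; the pin check is the runtime defence, and it has to run on the exact certificate the socket negotiated, before the first request carrying a token leaves the device. Pin the SubjectPublicKeyInfo rather than the whole certificate so a routine certificate renewal with the same key does not break the app.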

The Ecovacs security advisory DSA-20241217001 provides details on mitigation at https://www.ecovacs.com/global/userhelp/dsa20241217001. Further technical analysis appears in research presentations, including 37C3 2023 (https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf) and HITCON 2024 (https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf).

Details

CWE(s)
CWE-295

Affected Products

ecovacs home, versions ≤ 3.0.0

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
T1528 Steal Application Access Token (Credential Access)
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.
T1565.002 Transmitted Data Manipulation (Impact)
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Because the plugin accepts an attacker-supplied certificate, an on-path adversary can terminate the TLS session without any credentials (T1557), read the plaintext including the authentication tokens the app sends and reuse them against the backend (T1528), and alter requests or responses before forwarding them (T1565.002).

References

Ecovacs security advisory DSA-20241217001: https://www.ecovacs.com/global/userhelp/dsa20241217001
37C3 2023 talk (dontvacuum.me): https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf
HITCON 2024 talk (dontvacuum.me): https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf