Cyber Posture

CVE-2024-52330

High · Public PoC

Published: 23 January 2025

Modified: 23 September 2025
KEV Added
Patch
CVSS Score: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0066 (71.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inoperable or unable to boot, thus denying the availability to use the devices and/or…

Security Summary

CVE-2024-52330 is a vulnerability in ECOVACS lawnmowers and vacuums caused by improper validation of TLS certificates (CWE-295). The affected devices do not properly verify TLS certificates during communication, which exposes encrypted traffic to interception and tampering. The issue has a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N): it is reachable over the network and has high confidentiality and integrity impact, but requires high attack complexity.

An unauthenticated attacker positioned to intercept network traffic can exploit this vulnerability via a man-in-the-middle attack to read or modify TLS-encrypted communications. Successful exploitation could allow the attacker to alter firmware updates transmitted to the devices, potentially leading to persistent compromise or malicious modifications.

ECOVACS has issued security advisory DSA-20241217001, available at https://www.ecovacs.com/global/userhelp/dsa20241217001, which likely details mitigation steps. Further technical details on the vulnerability are provided in research presentations, including those from 37C3 2023 (https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf) and HITCON 2024 (https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf).

Details

CWE(s)
CWE-295

Affected Products

| Vendor | Product | Affected versions |
|---|---|---|
| ecovacs | deebot x2 omni firmware | ≤ 1.76.6 |
| ecovacs | deebot x2 combo firmware | ≤ 1.81.10 |
| ecovacs | deebot x2s firmware | ≤ 1.49.0 |
| ecovacs | deebot x5 pro firmware | ≤ 1.70.0 |
| ecovacs | deebot x5 pro plus firmware | ≤ 1.38.0 |
| ecovacs | deebot x5 pro ultra firmware | ≤ 1.17.0 |
| ecovacs | mate x firmware | ≤ 1.44.18 |
| ecovacs | deebot x1 omni firmware | ≤ 2.4.41 |
| ecovacs | deebot x1 turbo firmware | ≤ 2.4.41 |
| ecovacs | deebot x1 pro omni firmware | ≤ 2.4.41 |
+10 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1040 Network Sniffing (Credential Access)
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

T1495 Firmware Corruption (Impact)
Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inoperable or unable to boot, thus denying the availability to use the devices and/or…

Why these techniques?

Improper TLS certificate validation enables unauthenticated man-in-the-middle (MitM) attacks that sniff and decrypt traffic (T1040), intercept and modify communications (T1557), and alter firmware updates (T1495).

References