Cyber Posture

CVE-2024-52331

Severity: High · Public PoC available

Published: 23 January 2025
Modified: 02 October 2025
KEV Added: (none listed)
Patch: (none listed)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (24.0th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

An adversary can leverage a computer's peripheral devices (e.

Security Summary

CVE-2024-52331 is a vulnerability in ECOVACS robot lawnmowers and vacuums that stems from the use of a deterministic symmetric key for decrypting firmware updates. Because the same key is used only to decrypt, and never to establish who produced an image, anyone who knows it can craft malicious firmware, encrypt it, and have the affected device decrypt and install it as if it were genuine. Published on 2025-01-23, the issue carries a CVSS 3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), CWE-494 (Download of Code Without Integrity Check), and CWE-1391 (Use of Weak Cryptographic Primitive).

Exploitation requires network access with no privileges, but involves high attack complexity and user interaction, such as tricking a device owner into applying the attacker's firmware update. Successful exploitation grants high impacts on confidentiality, integrity, and availability, allowing full compromise of the robot's firmware and potentially enabling persistent control, data exfiltration, or physical manipulation of the device.

The vulnerability was detailed in security research presentations, including one from 37C3 2023 at https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf and another from HITCON 2024 at https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html. No specific advisories or patches are referenced in available information.
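Why decryption alone proves nothing about who built an image, and what the CWE-494 fix looks like, as an added Go example that is not ECOVACS code and not taken from the cited talks: a toy update format protected only by a device-wide AES key (a constructed stand-in, not the real key) beside a verifier that checks the vendor's Ed25519 signature over the ciphertext before it decrypts anything. The image format, key material and function names are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

// Constructed stand-in for a key identical on every unit (not the real ECOVACS key), and a
// toy image format: fixed header, then payload, AES-CTR encrypted under that key.
var sharedKey = sha256.Sum256([]byte("constructed-device-wide-update-key"))
var header = []byte("FWIMG1")

// ctr encrypts or decrypts under the shared key; it is the same operation for the vendor
// and for anyone else who holds the key, which is the whole problem.
func ctr(data []byte) []byte {
	block, _ := aes.NewCipher(sharedKey[:])
	iv := make([]byte, aes.BlockSize) // zero IV keeps the toy short; not the flaw under discussion
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// buildImage wraps a payload in the toy format. The vendor uses this; so can any key holder.
func buildImage(payload []byte) []byte {
	return ctr(append(append([]byte{}, header...), payload...))
}

// acceptDecryptOnly models the vulnerable check (CWE-494): decrypt and trust whatever
// decrypts to a plausible header. Confidentiality says nothing about who built the image.
func acceptDecryptOnly(img []byte) ([]byte, error) {
	plain := ctr(img)
	if !bytes.HasPrefix(plain, header) {
		return nil, errors.New("bad header")
	}
	return plain[len(header):], nil
}

// acceptSigned models the fix: the device stores only the vendor's Ed25519 public key and
// verifies a signature over the ciphertext before decrypting anything, so holding the
// shared key no longer lets anyone produce an image the device will install.
func acceptSigned(vendorPub ed25519.PublicKey, img, sig []byte) ([]byte, error) {
	if !ed25519.Verify(vendorPub, img, sig) {
		return nil, errors.New("signature invalid: not produced by the vendor")
	}
	return acceptDecryptOnly(img)
}
```

Verifying over the ciphertext means the device never decrypts untrusted bytes, and because it holds only the public key, nothing extractable from the device lets anyone produce an image it will accept.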

Details

CWE(s)
CWE-327, CWE-494, CWE-1391

Affected Products

ecovacs deebot 900 firmware: all versions
ecovacs deebot n8 firmware: all versions
ecovacs deebot t8 firmware: all versions
ecovacs deebot n9 firmware: all versions
ecovacs deebot t9 firmware: all versions
ecovacs deebot n10 firmware: all versions
ecovacs deebot t10 firmware: all versions
ecovacs deebot x1 firmware: all versions
ecovacs deebot t20 firmware: all versions
ecovacs deebot x2 firmware: all versions
+4 more product configuration(s) — see NVD for full list

AI Security Analysis

AI Category: Mobile/Edge AI
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: ECOVACS robot lawnmowers and vacuums are edge AI devices that use computer vision and machine learning for navigation, mapping, and obstacle avoidance via cameras and sensors. The firmware update vulnerability affects how software is deployed onto these AI-enabled robotic platforms.

MITRE ATT&CK Enterprise Techniques

T1525 Implant Internal Image (Persistence)
Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment.
T1542.002 Component Firmware (Stealth)
Adversaries may modify component firmware to persist on systems.
T1601.001 Patch System Image (Defense Impairment)
Adversaries may modify the operating system of a network device to introduce new capabilities or weaken existing defenses.
T1123 Audio Capture (Collection)
An adversary can leverage a computer's peripheral devices (e.
T1125 Video Capture (Collection)
An adversary can leverage a computer's peripheral devices (e.
Why these techniques?

The vulnerability allows malicious firmware updates to be crafted with the known symmetric key, which in turn enables implanting code in firmware images (T1525), modifying component firmware for persistence (T1542.002), patching system images (T1601.001), and collection through unauthorized camera or microphone access (T1123, T1125), as noted in advisories.
