ГлавнаяУязвимости → CVE-2024-52325
9.6критическая

CVE-2024-52325

Описание

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.

Затрагиваемое ПО
Ecovacs Goat g1-2000 firmwareEcovacs Goat g1-2000Ecovacs Goat g1 firmwareEcovacs Goat g1Ecovacs Goat g1-800 firmwareEcovacs Goat g1-800Ecovacs Gx-600 firmwareEcovacs Gx-600Ecovacs Deebot x2 omni firmwareEcovacs Deebot x2 omniEcovacs Deebot x2 combo firmwareEcovacs Deebot x2 comboEcovacs Deebot x2s firmwareEcovacs Deebot x2sEcovacs Deebot x5 pro firmwareEcovacs Deebot x5 proEcovacs Deebot x5 pro plus firmwareEcovacs Deebot x5 pro plusEcovacs Deebot x5 pro ultra firmwareEcovacs Deebot x5 pro ultraEcovacs Deebot t30 omni firmwareEcovacs Deebot t30 omniEcovacs Deebot t30s firmwareEcovacs Deebot t30s
CVSS
Балл9.6 — критическая
ВекторCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Источники
https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdfhttps://www.ecovacs.com/global/userhelp/dsa20241119https://www.ecovacs.com/global/userhelp/dsa20241130001https://youtu.be/_wUsM0Mlenc?t=2041