ГлавнаяУязвимости → CVE-2024-52329
7.4высокая

CVE-2024-52329

Описание

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.

Затрагиваемое ПО
Ecovacs Home
CVSS
Балл7.4 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdfhttps://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdfhttps://www.ecovacs.com/global/userhelp/dsa20241217001