← volver
CVE-2024-52330

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates

CVSS 9.5 CRITICALEPSS 0.3%CWE-295
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H
Productos afectados
ECOVACS · DEEBOT T10ECOVACS · DEEBOT T10 OMNIECOVACS · DEEBOT T10 PLUSECOVACS · DEEBOT T10 TURBOECOVACS · DEEBOT X1ECOVACS · DEEBOT X1e OMNIECOVACS · DEEBOT X1 OMNIECOVACS · DEEBOT X1 PLUSECOVACS · DEEBOT X1 PRO OMNIECOVACS · DEEBOT X1S PROECOVACS · DEEBOT X1S PRO PLUSECOVACS · DEEBOT X1 TURBOECOVACS · DEEBOT X2 COMBOECOVACS · DEEBOT X2 OMNIECOVACS · DEEBOT X2 PROECOVACS · DEEBOT X2SECOVACS · DEEBOT X5 PROECOVACS · DEEBOT X5 PRO PLUSECOVACS · DEEBOT X5 PRO ULTRAECOVACS · Mate X

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdfhttps://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdfhttps://www.ecovacs.com/global/userhelp/dsa20241217001