{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-52325","assignerOrgId":"9119a7d8-5eab-497f-8521-727c672e3725","state":"PUBLISHED","assignerShortName":"cisa-cg","dateReserved":"2024-11-08T01:06:02.404Z","datePublished":"2025-01-23T15:56:30.185Z","dateUpdated":"2025-02-12T20:41:26.651Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection."}],"affected":[{"vendor":"ECOVACS","product":"GOAT G1","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.36.187","versionType":"custom"},{"version":"1.36.187","status":"unaffected"}]},{"vendor":"ECOVACS","product":"GOAT G1-800","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.36.187","versionType":"custom"},{"version":"1.36.187","status":"unaffected"}]},{"vendor":"ECOVACS","product":"DEEBOT X2S","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.49.0","versionType":"custom"},{"version":"1.49.0","status":"unaffected"}]},{"vendor":"ECOVACS","product":"DEEBOT X5 PRO","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.70.0","versionType":"custom"},{"version":"1.70.0","status":"unaffected"}]},{"vendor":"ECOVACS","product":"DEEBOT X5 PRO PLUS","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.38.0","versionType":"custom"},{"version":"1.38.0","status":"unaffected"}]},{"vendor":"ECOVACS","product":"DEEBOT T30 OMNI","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.93.0","versionType":"custom"},{"version":"1.93.0","status":"unaffected"}]},{"vendor":"ECOVACS","product":"DEEBOT T30S","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.95.0","versionType":"custom"},{"version":"1.95.0","status":"unaffected"}]},{"vendor":"ECOVACS","product":"GOAT G1-2000","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.36.187","versionType":"custom"},{"version":"1.36.187","status":"unaffected"}]},{"vendor":"ECOVACS","product":"GOAT GX-600","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.2.120","versionType":"custom"},{"version":"1.2.120","status":"unaffected"}]},{"vendor":"ECOVACS","product":"DEEBOT X2  OMNI","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.76.6","versionType":"custom"},{"version":"1.76.6","status":"unaffected"}]},{"vendor":"ECOVACS","product":"DEEBOT X2 COMBO","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.81.10","versionType":"custom"},{"version":"1.81.10","status":"unaffected"}]},{"vendor":"ECOVACS","product":"DEEBOT X5 PRO ULTRA","defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.17.0","versionType":"custom"},{"version":"1.17.0","status":"unaffected"}]}],"problemTypes":[{"descriptions":[{"description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","lang":"en","type":"CWE","cweId":"CWE-77"}]}],"metrics":[{"cvssV4_0":{"baseScore":5.8,"baseSeverity":"MEDIUM","version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},"format":"CVSS"},{"cvssV3_1":{"baseScore":9.6,"baseSeverity":"CRITICAL","version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},"format":"CVSS"}],"title":"ECOVACS robot lawnmowers and vacuums command injection","references":[{"name":"url","url":"https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf"},{"name":"url","url":"https://youtu.be/_wUsM0Mlenc?t=2041"},{"name":"url","url":"https://www.ecovacs.com/global/userhelp/dsa20241130001"},{"name":"url","url":"https://www.ecovacs.com/global/userhelp/dsa20241119"}],"datePublic":"2024-08-11T00:00:00.000Z","providerMetadata":{"orgId":"9119a7d8-5eab-497f-8521-727c672e3725","shortName":"cisa-cg","dateUpdated":"2025-01-24T15:04:12.565Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-52325","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-01-23T16:11:52.931430Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T20:41:26.651Z"}}]}}