{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T23:30:00.891","vulnerabilities":[{"cve":{"id":"CVE-2024-52331","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2025-01-23T17:15:14.563","lastModified":"2025-10-02T15:15:52.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot."},{"lang":"es","value":"Los robots cortacésped y aspiradores ECOVACS utilizan una clave simétrica determinista para descifrar las actualizaciones de firmware. Un atacante puede crear y cifrar un firmware malicioso que el robot descifrará e instalará con éxito."}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-327"},{"lang":"en","value":"CWE-494"},{"lang":"en","value":"CWE-1391"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_900_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"5004D440-E3EE-4252-831B-7396887BA117"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_900:-:*:*:*:*:*:*:*","matchCriteriaId":"0C4E3255-6E5D-46FC-8DE0-462788F1B4FD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_n8_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"ACB3D3DB-AFB6-4B36-B86D-358BE11FAE3E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_n8:-:*:*:*:*:*:*:*","matchCriteriaId":"ED77EFA6-576C-411A-91D2-22C962C30C94"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_t8_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AC59B209-998B-43A6-875D-364844CA37C7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_t8:-:*:*:*:*:*:*:*","matchCriteriaId":"8BA30BA8-4069-4525-A843-E88EFDC720DF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_n9_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"43C72C62-49C3-49BE-A9F1-3572DA18647C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_n9:-:*:*:*:*:*:*:*","matchCriteriaId":"7A663879-36BF-433D-9D7A-B62D65A5C6C9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_t9_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D16EB997-ADC3-45AA-8E92-6F1371E85A35"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_t9:-:*:*:*:*:*:*:*","matchCriteriaId":"D63E5FF5-9A27-4674-B573-6929CAB3BB01"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_n10_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F7060D3C-5F7C-4324-987D-C6EB4204CC47"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_n10:-:*:*:*:*:*:*:*","matchCriteriaId":"DCC67BB7-0E4A-47FA-A04D-41837A18E103"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_t10_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"C7422285-BB34-4D85-A4A4-ADD006401FE7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*","matchCriteriaId":"318C962D-54C2-456E-A045-1332A02958E9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_x1_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"A5248299-76EB-41DB-A036-5685F20D2A18"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_x1:-:*:*:*:*:*:*:*","matchCriteriaId":"4DA0B484-221F-4E67-927F-DBCBBC1F6448"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_t20_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D1DE7CE5-6D8F-478B-AA9A-274AA74270AE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_t20:-:*:*:*:*:*:*:*","matchCriteriaId":"48123BA8-E8D5-4AEF-A4CF-8136AFA400F4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:deebot_x2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3B39C403-6D28-41E3-A2D0-79473D6B9733"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:deebot_x2:-:*:*:*:*:*:*:*","matchCriteriaId":"3FD5AC03-3EF9-485F-B17A-E6D9D759A844"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:goat_g1_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"F1AA1C6D-E86C-46B6-AA32-FB9B34D60F1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:goat_g1:-:*:*:*:*:*:*:*","matchCriteriaId":"75B2D398-870D-408F-817D-FDEE8C93D683"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:airbot_z1_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FE2F668D-DD5C-4E70-A677-5029C25AB65E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:airbot_z1:-:*:*:*:*:*:*:*","matchCriteriaId":"28431C96-C4CF-4029-BBD0-1B364C406D86"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:airbot_ava_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"BA924895-0CE8-453A-98E0-0942AA33BECE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:airbot_ava:-:*:*:*:*:*:*:*","matchCriteriaId":"C193E51C-F9DD-43FD-913D-742513E63C61"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ecovacs:airbot_andy_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"1E42AEAD-D52A-45E6-97FE-A6C8FE5C59BC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ecovacs:airbot_andy:-:*:*:*:*:*:*:*","matchCriteriaId":"E5752722-3EC7-401D-A114-ACA4662890BA"}]}]}],"references":[{"url":"https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf","source":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["Exploit","Third Party Advisory"]},{"url":"https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html","source":"9119a7d8-5eab-497f-8521-727c672e3725","tags":["Exploit","Third Party Advisory"]}]}}]}