CVE-2024-52325 Information

Description

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.

Reference

https://dontvacuum.me/talks/DEFCON32/DEFCON32_reveng_hacking_ecovacs_robots.pdf url https://www.ecovacs.com/global/userhelp/dsa20241119 url https://www.ecovacs.com/global/userhelp/dsa20241130001 url https://youtu.be/_wUsM0Mlenc?t=2041 url