CVE-2024-52329 Information

Description

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.

Reference

https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf url https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf url https://www.ecovacs.com/global/userhelp/dsa20241217001 url