CVE-2024-52330 Information

Description

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.

Reference

https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf
https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf
https://www.ecovacs.com/global/userhelp/dsa20241217001
