CVE-2024-52331 Information

Description

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.

Reference

https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf url https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.html url