CVE-2024-52329

Summary

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.

Affected Software

VendorProductVersion RangeStatus
ECOVACSECOVACS HOME3.0.0unaffected
ECOVACSECOVACS HOME0 < 3.0.0affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References