Deterministic Key Vulnerability in ECOVACS Robot Lawn Mowers and Vacuums
CVE-2024-52331

7.7HIGH

Key Information:

Vendor: Ecovacs
Status: Unspecified Robots
Vendor: CVE Published:; 23 January 2025

What is CVE-2024-52331?

ECOVACS robot lawnmowers and vacuums have a vulnerability that arises from the use of a deterministic symmetric key for decrypting firmware updates. This flaw allows an attacker to create malicious firmware that, once encrypted, can be installed on the device without detection. The implications of this vulnerability include unauthorized control over the device and the potential for exploitation of personal data collected by the robot, posing significant risks to user privacy and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Unspecified robots *

References

https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ec...

https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-...

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 23, 2025
Vulnerability Reserved
Nov 8, 2024

JSON

Ecovacs

What is CVE-2024-52331?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.