CVE-2024-52328— ECOVACS lawnmowers and vacuums insecurely store audio warning files
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-52328
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ECOVACS lawnmowers and vacuums insecurely store audio warning files
Source: NVD (National Vulnerability Database)
Vulnerability Description
ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify warning files such that users may not be aware that the camera is on.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键资源的不正确权限授予
Source: NVD (National Vulnerability Database)
Vulnerability Title
ECOVACS robot lawnmowers和vacuums 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ECOVACS robot vacuums和ECOVACS robot lawnmowers都是中国科沃斯(ECOVACS)公司的产品。ECOVACS robot vacuums是一系列吸尘器。ECOVACS robot lawnmowers是一系列割草机。 ECOVACS robot lawnmowers和vacuums存在安全漏洞,该漏洞源于音频文件存储不安全,导致攻击者可篡改警告文件,使用户无法察觉摄像头状态。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ECOVACS | Unspecified robots | * | - |
II. Public POCs for CVE-2024-52328
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-52328
请登录查看更多情报信息。
Same Patch Batch · ECOVACS · 2025-01-23 · 9 CVEs total
| CVE-2024-52325 | 9.6 CRITICAL | ECOVACS robot lawnmowers and vacuums command injection |
| CVE-2024-11147 | 7.6 HIGH | ECOVACS lawnmowers and vacuums deterministic root password |
| CVE-2024-52331 | 7.5 HIGH | ECOVACS lawnmowers and vacuums deterministic firmware encryption key |
| CVE-2024-52330 | 7.4 HIGH | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates |
| CVE-2024-52329 | 7.4 HIGH | ECOVACS HOME mobile app plugins do not properly validate TLS certificates |
| CVE-2024-52327 | 6.5 MEDIUM | ECOVACS lawnmower and vacuum cloud service live video PIN bypass |
| CVE-2024-12078 | 6.3 MEDIUM | ECOVACS lawnmowers and vacuums static BLE GATT encryption key |
| CVE-2024-12079 | 3.3 LOW | ECOVACS lawnmowers cleartext storage of anti-theft PIN |
IV. Related Vulnerabilities
Same product: Unspecified robots
Same vendor: ECOVACS
- CVE-2025-30198
ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK - CVE-2025-30199
ECOVACS Vacuum and Base Station accept unsigned firmware - CVE-2025-30200
ECOVACS Vacuum and Base Station Hard-Coded AES Encryption - CVE-2025-2394
Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and - CVE-2024-52327
ECOVACS lawnmower and vacuum cloud service live video PIN by
Same weakness: CWE-732
- CVE-2026-41288
WatchGuard Agent on Windows Privilege Escalation Vulnerabili - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-6499
ILM Informatique OpenConcerto 安全漏洞 - CVE-2026-41366
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLo - CVE-2026-35367
uutils coreutils nohup Information Disclosure via Insecure D
V. Comments for CVE-2024-52328
No comments yet