CVE-2024-52325

9.6 CRITICAL

📋 TL;DR

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection over a Bluetooth Low Energy (BLE) connection that requires no pairing or authentication. An attacker within BLE radio range can execute arbitrary commands on the device and take full control of it. Any ECOVACS vacuum or lawnmower model running the vulnerable firmware is affected.

💻 Affected Systems

Products:
  • ECOVACS robot vacuums
  • ECOVACS robot lawnmowers
Versions: Firmware versions prior to November 2024 patches
Operating Systems: Vendor firmware on ECOVACS devices
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The attack needs BLE enabled on the device, which is the default state.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover, allowing physical sabotage, theft of stored Wi-Fi credentials, installation of persistent malware, or use of the device as a pivot into the home or office network.

🟠 Likely Case

An attacker within BLE range (typically ~10 meters) disrupts device operation, reads data stored on the device, or uses it for limited attacks against the local network.

🟢 If Mitigated

With the patch applied, or with BLE disabled when not in use and the device on a segmented IoT network, impact is limited to device malfunction caused by someone in physical proximity.

🌐 Internet-Facing: LOW (the attack runs over BLE and needs radio proximity, not internet connectivity)
🏢 Internal Only: HIGH (BLE bypasses network perimeter defenses entirely; the attacker needs to be within radio range, not on the network and not physically touching the device)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit demonstrated at DEFCON 32 with video proof. The attack requires only a BLE-capable device (a phone or laptop is enough) within radio range of the target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released November 2024

Vendor Advisory: https://www.ecovacs.com/global/userhelp/dsa20241119

Restart Required: Yes

Instructions:

1. Open the ECOVACS HOME app.
2. Check for firmware updates.
3. Apply the available updates.
4. The device restarts automatically.

🔧 Temporary Workarounds

Disable BLE when not in use

Applies to: all

Turn off Bluetooth connectivity when the device is not actively being controlled via the app, using the ECOVACS HOME app settings where the model exposes such a setting. This closes the attack surface only while BLE stays off; re-enabling it for app control reopens it.

Physical isolation

Applies to: all

Keep devices in areas where an untrusted person cannot get within BLE range (~10 meters, more with a directional antenna).

🧯 If You Can't Patch

  • Physically isolate devices from untrusted areas; BLE range extends through walls, so consider neighbouring rooms and the street
  • Implement network segmentation to separate IoT devices from critical systems; this does not stop the BLE attack itself, but it limits what a compromised device can reach with the Wi-Fi credentials it holds

🔍 How to Verify

Check if Vulnerable:

Check firmware version in ECOVACS HOME app. Versions before November 2024 patches are vulnerable.

Check Version:

Use ECOVACS HOME app → Device Settings → Firmware Version

Verify Fix Applied:

Confirm firmware version shows post-November 2024 update in ECOVACS HOME app

📡 Detection & Monitoring

Log Indicators:

  • BLE connection attempts to the device at times when nobody is using the app (visible only with a BLE sniffer, since the device's own logs are not exposed to the owner)
  • Unexpected device behaviour reported in the ECOVACS HOME app (unscheduled runs, changed settings, loss of app connectivity)

Network Indicators:

  • Suspicious BLE traffic patterns near devices
  • Unexpected network connections from device

SIEM Query:

Not applicable - primarily physical/BLE based attack
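The "unusual BLE connection attempts" indicator above is only observable with a BLE sniffer (for example an nRF52-based sniffer or an Ubertooth) positioned near the device: every BLE connection starts with a link-layer CONNECT_IND PDU that carries the initiator's address and the target's address in the clear. The following is an added example, not ECOVACS code or anything from the DEFCON 32 talk, that parses CONNECT_IND PDUs from such a capture and flags connections to the robot from initiators that are not on an allow-list. All addresses and the sample capture are constructed for illustration. Caveat a practitioner should know: phones use resolvable private addresses that rotate (on the order of every 15 minutes), so an address allow-list will produce false positives unless the phone's IRK is used to resolve them; a more robust baseline is to alert on any CONNECT_IND to the robot outside the times the app is actually in use.

```python
"""
Added example (not ECOVACS code): parse BLE link-layer CONNECT_IND PDUs
from a sniffer capture and flag connection attempts to a robot from
initiators that are not on an allow-list. All addresses below are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

PDU_TYPE_CONNECT_IND = 0x05   # advertising-channel PDU type for CONNECT_IND
CONNECT_IND_PAYLOAD_LEN = 34  # InitA(6) + AdvA(6) + LLData(22)


@dataclass
class ConnectInd:
    init_addr: str      # initiator (the phone, or an attacker's adapter)
    adv_addr: str       # advertiser being connected to (the robot)
    init_random: bool   # TxAdd bit: initiator uses a random address
    adv_random: bool    # RxAdd bit: advertiser uses a random address
    access_addr: int
    interval_ms: float
    timeout_ms: int


def _addr_to_str(six: bytes) -> str:
    # Addresses go over the air least-significant byte first.
    return ":".join(f"{b:02X}" for b in reversed(six))


def _addr_to_bytes(addr: str) -> bytes:
    return bytes(int(x, 16) for x in reversed(addr.split(":")))


def parse_connect_ind(pdu: bytes) -> Optional[ConnectInd]:
    """Return the parsed CONNECT_IND, or None if the PDU is another type or malformed."""
    if len(pdu) < 2:
        return None
    hdr0, length = pdu[0], pdu[1]
    if (hdr0 & 0x0F) != PDU_TYPE_CONNECT_IND:
        return None
    payload = pdu[2:2 + length]
    if length != CONNECT_IND_PAYLOAD_LEN or len(payload) != length:
        return None
    init_a, adv_a, ll = payload[0:6], payload[6:12], payload[12:]
    # LLData layout: AA(4) CRCInit(3) WinSize(1) WinOffset(2) Interval(2)
    #                Latency(2) Timeout(2) ChM(5) Hop/SCA(1)
    return ConnectInd(
        init_addr=_addr_to_str(init_a),
        adv_addr=_addr_to_str(adv_a),
        init_random=bool(hdr0 & 0x40),
        adv_random=bool(hdr0 & 0x80),
        access_addr=int.from_bytes(ll[0:4], "little"),
        interval_ms=int.from_bytes(ll[10:12], "little") * 1.25,  # 1.25 ms units
        timeout_ms=int.from_bytes(ll[14:16], "little") * 10,     # 10 ms units
    )


def build_connect_ind(init_addr, adv_addr, init_random=True, adv_random=False,
                      access_addr=0x50655AD7, interval_units=24, timeout_units=200):
    """Build a CONNECT_IND PDU; used here only to construct the sample capture."""
    hdr0 = PDU_TYPE_CONNECT_IND | (0x40 if init_random else 0) | (0x80 if adv_random else 0)
    ll = (access_addr.to_bytes(4, "little")
          + b"\x55\x55\x55"                        # CRCInit (arbitrary)
          + b"\x02" + (5).to_bytes(2, "little")    # WinSize, WinOffset
          + interval_units.to_bytes(2, "little")   # connection interval
          + (0).to_bytes(2, "little")              # peripheral latency
          + timeout_units.to_bytes(2, "little")    # supervision timeout
          + b"\xff\xff\xff\xff\x1f"                # ChM: all 37 data channels
          + b"\x25")                               # Hop=5, SCA=1
    payload = _addr_to_bytes(init_addr) + _addr_to_bytes(adv_addr) + ll
    return bytes([hdr0, len(payload)]) + payload


def flag_unexpected_connections(pdus: Iterable[bytes], robot_addr: str,
                                allowed_initiators: set) -> List[ConnectInd]:
    """CONNECT_INDs aimed at robot_addr whose initiator is not allow-listed."""
    hits = []
    for pdu in pdus:
        ci = parse_connect_ind(pdu)
        if ci and ci.adv_addr == robot_addr and ci.init_addr not in allowed_initiators:
            hits.append(ci)
    return hits


# Constructed sample capture: one legitimate app connection, one unknown
# initiator, one connection to an unrelated device. Addresses are fictitious.
ROBOT = "A4:C1:38:12:34:56"
PHONE = "5C:11:22:33:44:55"
UNKNOWN = "DE:AD:BE:EF:00:01"
SAMPLE_CAPTURE = [
    build_connect_ind(PHONE, ROBOT),
    build_connect_ind(UNKNOWN, ROBOT),
    build_connect_ind(PHONE, "00:11:22:33:44:55"),
]

if __name__ == "__main__":
    for hit in flag_unexpected_connections(SAMPLE_CAPTURE, ROBOT, {PHONE}):
        print(f"unexpected CONNECT_IND to {hit.adv_addr} from {hit.init_addr} "
              f"(random addr={hit.init_random}, interval={hit.interval_ms} ms)")
```

In practice the PDU bytes come from the sniffer's capture (for example the link-layer payload Wireshark shows for a CONNECT_IND frame); the builder function exists only so the sample runs offline. Because the robot's own address is what identifies it here, record it once from a legitimate app session before relying on the allow-list.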
