CVE-2024-52331

7.5 HIGH

📋 TL;DR

ECOVACS robot lawnmowers and vacuums decrypt firmware updates with a deterministic symmetric key. Such a key only hides the contents of an image; it proves nothing about who produced it. Anyone who can recompute the key can encrypt a crafted image that the device decrypts and installs as if it were genuine. Every ECOVACS robot that takes updates through this mechanism is affected, and the risk to users is silent replacement of the device firmware.

💻 Affected Systems

Products:
  • ECOVACS robot lawnmowers
  • ECOVACS robot vacuums
Versions: All versions using vulnerable firmware update mechanism
Operating Systems: Embedded robot firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices that receive firmware updates via the vulnerable decryption method

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise: remote control of the robot, theft of the data and credentials it holds, physical property damage, or enrolment of the device as a botnet node

🟠 Likely Case

Unauthorized firmware installation leading to device malfunction, privacy violations, or credential theft

🟢 If Mitigated

Limited impact while devices are kept off untrusted networks. Only the vendor can change the update mechanism itself, so isolation reduces an attacker's reach but does not remove the flaw

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

The attacker must be able to place a crafted image on the device's update path, for example by interposing on the channel the device fetches updates from. No secret has to be stolen first: because the key is deterministic it can simply be recomputed, so producing an image that decrypts correctly is the easy part.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - check ECOVACS support

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

1. Check ECOVACS app for firmware updates
2. Apply any available updates
3. Ensure device is connected to secure network during update

🔧 Temporary Workarounds

Network isolation (applies to: all)

Isolate robot devices on a separate VLAN or network segment with no access to other internal hosts

Disable automatic updates (applies to: all)

Control firmware updates manually through the official app only. Note that this also delays receipt of the vendor's eventual fix, so check for and apply a fixed firmware as soon as ECOVACS publishes one.

🧯 If You Can't Patch

  • Disconnect device from internet and use only local control
  • Physically secure device when not in use to prevent physical access

🔍 How to Verify

Check if Vulnerable:

There is no user-visible setting for this. A device is affected whenever it runs firmware that still decrypts updates with the deterministic key, so treat every ECOVACS robot that has not received a vendor-confirmed fix as vulnerable.

Check Version:

Check ECOVACS app for current firmware version

Verify Fix Applied:

Only the vendor can confirm this. A fixed update mechanism must authenticate each image, typically with a signature checked against a public key pinned in the device, before anything is decrypted or written to flash; encrypting with a different or per-device key is not sufficient on its own. Confirm with ECOVACS support that the installed firmware version includes that change rather than inferring it from the app.
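To make the failure concrete, here is an added example, written for this page in Go and not ECOVACS code, modelling what the TL;DR and the verification criteria above describe: a device that decrypts updates with a key recomputable from public inputs accepts an attacker's image, while a device that first verifies an Ed25519 signature with a pinned vendor public key rejects it. The key derivation, image layout, model string and payloads are assumptions constructed for the example; the page does not describe the real format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveUpdateKey stands in for a key derived only from non-secret, fleet-wide
// inputs (here a model string). Assumed for this example, not the real derivation.
func deriveUpdateKey(model string) []byte {
	k := sha256.Sum256([]byte("fw-update-key:" + model))
	return k[:] // always 32 bytes, so aes.NewCipher cannot fail below
}

// Assumed image layout: nonce(16) || AES-256-CTR( sha256(payload) || payload ).
// The embedded digest is the device's only integrity check, and it sits inside
// the ciphertext, so anyone who holds the key can produce a valid one.
func encryptImage(key, payload []byte) []byte {
	nonce := make([]byte, aes.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	block, _ := aes.NewCipher(key)
	digest := sha256.Sum256(payload)
	plain := append(digest[:], payload...)
	out := make([]byte, len(plain))
	cipher.NewCTR(block, nonce).XORKeyStream(out, plain)
	return append(nonce, out...)
}

// decryptImage reverses encryptImage and checks the embedded digest.
func decryptImage(key, blob []byte) ([]byte, error) {
	if len(blob) < aes.BlockSize+sha256.Size {
		return nil, errors.New("image too short")
	}
	block, _ := aes.NewCipher(key)
	plain := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCTR(block, blob[:aes.BlockSize]).XORKeyStream(plain, blob[aes.BlockSize:])
	digest, payload := plain[:sha256.Size], plain[sha256.Size:]
	if sum := sha256.Sum256(payload); !bytes.Equal(digest, sum[:]) {
		return nil, errors.New("embedded digest mismatch")
	}
	return payload, nil
}

// acceptUpdateVulnerable is the flawed device-side logic: decrypt with the
// deterministic key and install whatever passes the embedded digest check.
func acceptUpdateVulnerable(model string, blob []byte) ([]byte, error) {
	return decryptImage(deriveUpdateKey(model), blob)
}

// forgeUpdate is the attacker: no secret has to be stolen, the key is simply
// recomputed from the public model string.
func forgeUpdate(model string, malicious []byte) []byte {
	return encryptImage(deriveUpdateKey(model), malicious)
}

// vendorKeypair creates the vendor signing key; only the public half is pinned in the device.
func vendorKeypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signImage is the vendor build step: sig(64) || encrypted image.
func signImage(priv ed25519.PrivateKey, encrypted []byte) []byte {
	return append(ed25519.Sign(priv, encrypted), encrypted...)
}

// acceptUpdateSigned is the hardened device-side logic: verify the signature
// over the ciphertext with the pinned public key before decrypting anything.
func acceptUpdateSigned(model string, vendorPub ed25519.PublicKey, signed []byte) ([]byte, error) {
	if len(signed) < ed25519.SignatureSize {
		return nil, errors.New("image too short")
	}
	sig, encrypted := signed[:ed25519.SignatureSize], signed[ed25519.SignatureSize:]
	if !ed25519.Verify(vendorPub, encrypted, sig) {
		return nil, errors.New("signature verification failed")
	}
	return decryptImage(deriveUpdateKey(model), encrypted)
}

func main() {
	const model = "EXAMPLE-MODEL" // constructed identifier, not a real SKU
	forged := forgeUpdate(model, []byte("attacker payload"))
	_, err := acceptUpdateVulnerable(model, forged)
	fmt.Println("vulnerable device installs forged image:", err == nil) // true
	pub, _ := vendorKeypair()
	_, err = acceptUpdateSigned(model, pub, append(make([]byte, 64), forged...))
	fmt.Println("signature-checking device installs forged image:", err == nil) // false
}
```

The hardened path still decrypts with the same deterministic key; that is acceptable once authenticity has been established, because encryption is only doing confidentiality work. What matters is the order: the signature is checked over the ciphertext, with a key the attacker does not possess, before a single byte is decrypted or written to flash. A production implementation would also keep the pinned public key in immutable storage and add rollback protection (a monotonic version check), neither of which this example shows.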

📡 Detection & Monitoring

Log Indicators:

  • Firmware update attempts or version changes in the app that do not match a vendor release
  • Changes in device behavior after an update, such as new schedules, unexpected reboots, or new outbound connections

Network Indicators:

  • Unusual network traffic to/from robot device
  • Firmware download from non-ECOVACS sources

SIEM Query:

Not applicable for typical home IoT devices. On a managed network where the robots sit in their own segment, alert on any connection from that segment to a destination other than the vendor's services, which is where a substituted firmware download would show up.
