Cyber Posture

CVE-2024-52329

High · Public PoC

Published: 23 January 2025

Modified: 23 September 2025
KEV Added
Patch
CVSS Score: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0067 (71.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-52329 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Ecovacs Home. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks in the top 28.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-17 (Public Key Infrastructure Certificates).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557) and 2 other techniques.
AI-specific risk: MITRE ATLAS Obtain Capabilities (AML.T0016) plus 4 more.
What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires validation of PKI certificates, directly addressing the improper TLS certificate validation that enables attackers to intercept and modify traffic for stealing authentication tokens.

prevent

Mandates protection of transmission confidentiality and integrity, which is compromised by the lack of proper TLS certificate validation in the ECOVACS app plugins.

prevent

Implements cryptographic protections including TLS with proper certificate handling to prevent unauthorized reading or modification of communications carrying authentication tokens.

MITRE ATT&CK Enterprise Techniques · AI

T1557: Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
T1528: Steal Application Access Token (Credential Access)
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.
T1565.002: Transmitted Data Manipulation (Impact)
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Improper TLS certificate validation enables unauthenticated adversary-in-the-middle attacks (T1557) that intercept or modify traffic, steal authentication tokens (T1528), and manipulate transmitted data (T1565.002).

MITRE ATLAS Techniques · AI

AML.T0016: Obtain Capabilities
AML.T0040: AI Model Inference API Access
AML.T0018: Manipulate AI Model
AML.T0024: Exfiltration via AI Inference API
AML.T0048: External Harms

NVD Description

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.

Deeper analysis · AI

CVE-2024-52329 is a vulnerability in the ECOVACS HOME mobile app plugins for specific robots, stemming from improper validation of TLS certificates (CWE-295). Published on 2025-01-23, it carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with no availability disruption.

An unauthenticated attacker can exploit this vulnerability over the network, though it requires high attack complexity. Successful exploitation allows the attacker to read or modify TLS traffic, enabling the theft of authentication tokens from affected communications.

The Ecovacs security advisory DSA-20241217001 provides details on mitigation at https://www.ecovacs.com/global/userhelp/dsa20241217001. Further technical analysis appears in research presentations, including 37C3 2023 (https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf) and HITCON 2024 (https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf).

Details

CWE(s)

Affected Products

ecovacs home: ≤ 3.0.0 · ≤ 3.0.0

CVEs Like This One

CVE-2024-52330 · Same vendor: Ecovacs
CVE-2024-52325 · Same vendor: Ecovacs
CVE-2024-11147 · Same vendor: Ecovacs
CVE-2025-1193 · Shared CWE-295
CVE-2025-46788 · Shared CWE-295
CVE-2026-33810 · Shared CWE-295
CVE-2026-32627 · Shared CWE-295
CVE-2024-55581 · Shared CWE-295
CVE-2025-11043 · Shared CWE-295
CVE-2026-4434 · Shared CWE-295

References