Cyber Posture

CVE-2024-52330

High · Public PoC

Published: 23 January 2025

Modified: 23 September 2025
CVSS Score: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0066 (71.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-52330 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Ecovacs Deebot X2 Omni Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE ranks in the top 28.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Sniffing (T1040) and 2 other techniques.
AI-specific risk: MITRE ATLAS AI Supply Chain Compromise (AML.T0010).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly requires establishment of requirements for PKI certificates and validation to prevent acceptance of invalid TLS certificates in device communications.

prevent

Mandates cryptographic protection for transmission confidentiality and integrity, which proper TLS certificate validation enforces against interception and modification.

prevent · detect

Provides integrity verification mechanisms for firmware to detect and block installation of tampered updates resulting from TLS traffic modification.

MITRE ATT&CK Enterprise Techniques · AI

T1040 · Network Sniffing · Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

T1557 · Adversary-in-the-Middle · Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as Network Sniffing…

T1495 · Firmware Corruption · Impact
Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inoperable or unable to boot, thus denying the availability to use the devices and/or…

Why these techniques?

Improper TLS certificate validation enables unauthenticated MiTM attacks to sniff/decrypt traffic (T1040), intercept and modify communications (T1557), and alter firmware updates (T1495).

MITRE ATLAS Techniques · AI

AML.T0010: AI Supply Chain Compromise

NVD Description

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.

Deeper analysis · AI

CVE-2024-52330 is a vulnerability in ECOVACS lawnmowers and vacuums stemming from improper validation of TLS certificates, mapped to CWE-295. The affected devices fail to properly verify TLS certificates during communication, exposing encrypted traffic to interception and tampering. This issue carries a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with network accessibility but requiring high attack complexity.

An unauthenticated attacker positioned to intercept network traffic can exploit this vulnerability via a man-in-the-middle attack to read or modify TLS-encrypted communications. Successful exploitation could allow the attacker to alter firmware updates transmitted to the devices, potentially leading to persistent compromise or malicious modifications.

ECOVACS has issued security advisory DSA-20241217001, available at https://www.ecovacs.com/global/userhelp/dsa20241217001, which likely details mitigation steps. Further technical details on the vulnerability are provided in research presentations, including those from 37C3 2023 (https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf) and HITCON 2024 (https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf).

Details

CWE(s)

Affected Products

| Vendor | Product | Affected versions |
|---|---|---|
| ecovacs | deebot x2 omni firmware | ≤ 1.76.6 |
| ecovacs | deebot x2 combo firmware | ≤ 1.81.10 |
| ecovacs | deebot x2s firmware | ≤ 1.49.0 |
| ecovacs | deebot x5 pro firmware | ≤ 1.70.0 |
| ecovacs | deebot x5 pro plus firmware | ≤ 1.38.0 |
| ecovacs | deebot x5 pro ultra firmware | ≤ 1.17.0 |
| ecovacs | mate x firmware | ≤ 1.44.18 |
| ecovacs | deebot x1 omni firmware | ≤ 2.4.41 |
| ecovacs | deebot x1 turbo firmware | ≤ 2.4.41 |
| ecovacs | deebot x1 pro omni firmware | ≤ 2.4.41 |

+10 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2024-52329 · Same vendor: Ecovacs
CVE-2024-52325 · Same product: Ecovacs Deebot X2 Combo
CVE-2024-11147 · Same product: Ecovacs Deebot T10
CVE-2025-1193 · Shared CWE-295
CVE-2025-46788 · Shared CWE-295
CVE-2026-33810 · Shared CWE-295
CVE-2026-32627 · Shared CWE-295
CVE-2024-55581 · Shared CWE-295
CVE-2025-11043 · Shared CWE-295
CVE-2026-4434 · Shared CWE-295
