CVE-2024-52331

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-494
View all →

Vulnerability Description

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.

Related Vulnerabilities

CVE-2019-3977

HIGH
CVSS:7.5(High)

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick...

CWE-4942019

CVE-2019-5982

HIGH
CVSS:7.5(High)

Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A succe...

CWE-4942019

CVE-2020-10926

HIGH
CVSS:7.5(High)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vuln...

CWE-4942020

CVE-2020-5772

HIGH
CVSS:7.5(High)

Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.

CWE-4942020

CVE-2021-45027

HIGH
CVSS:7.5(High)

An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user suppl...

CWE-4942021

CVE-2022-36671

HIGH
CVSS:7.5(High)

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.

CWE-4942022