Deebot X5 Pro Ultra Firmware

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2024-52330 CRITICAL POC Act Now

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot X2 Omni Firmware Deebot X2 Combo Firmware Deebot X2S Firmware Deebot X5 Pro Firmware +16
NVD
CVSS 4.0
9.5
EPSS
0.7%
CVE-2024-52325 MEDIUM POC This Month

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. Rated medium severity (CVSS 5.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goat G1 2000 Firmware Goat G1 Firmware Goat G1 800 Firmware Gx 600 Firmware +8
NVD
CVSS 4.0
5.8
EPSS
0.6%
CVE-2024-52330
EPSS 1% CVSS 9.5
CRITICAL POC Act Now

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deebot X2 Omni Firmware Deebot X2 Combo Firmware +18
NVD
CVE-2024-52325
EPSS 1% CVSS 5.8
MEDIUM POC This Month

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. Rated medium severity (CVSS 5.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goat G1 2000 Firmware Goat G1 Firmware +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy