CVE-2024-52325

MEDIUM Year: 2024
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-77
View all →

Vulnerability Description

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.

Related Vulnerabilities

CVE-2020-14436

CRITICAL
CVSS:9.6(Critical)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15....

CWE-772020

CVE-2020-14437

CRITICAL
CVSS:9.6(Critical)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15....

CWE-772020

CVE-2020-14438

CRITICAL
CVSS:9.6(Critical)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15....

CWE-772020

CVE-2020-14439

CRITICAL
CVSS:9.6(Critical)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15....

CWE-772020

CVE-2020-14440

CRITICAL
CVSS:9.6(Critical)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15....

CWE-772020

CVE-2020-14441

CRITICAL
CVSS:9.6(Critical)

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15....

CWE-772020