23Oca
CVE-2024-52325 | ECOVACS GOAT G1 BLE SetNetPin command injection
A vulnerability was found in ECOVACS GOAT G1, GOAT G1-800, DEEBOT X2S, DEEBOT X5 PRO, DEEBOT X5 PRO PLUS, DEEBOT T30 OMNI, DEEBOT T30S, DEEBOT N30 OMNI, AIRBOT Z1, GOAT G1-2000, GOAT GX-600, DEEBOT X2 OMNI, DEEBOT X2 COMBO, DEEBOT X5 PRO ULTRA and DEEBOT N30 PRO OMNI. It has been rated as critical. Affected by this issue is the functionSetNetPin of the component BLE. The manipulation leads to command injection.
This vulnerability is handled as CVE-2024-52325. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
