CVE-2024-52329

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.

More information : https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf