PT-2019-17421 · Nest · Nest Cam Iq Indoor

Publicado

2019-08-20

Atualizado

2022-06-27

CVE-2019-5035

CVSS v3.1

9.0

Crítica

Vetor

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nest Cam IQ Indoor version 4620002

Description An information disclosure issue exists in the Weave PASE pairing functionality. It can be exploited by sending specially crafted weave packets to brute force a pairing code, potentially leading to greater Weave access and full device control.

Recommendations For Nest Cam IQ Indoor version 4620002, consider restricting access to the Weave PASE pairing functionality until a patch is available. As a temporary workaround, avoid using the Weave PASE pairing feature to minimize the risk of exploitation.

Exploit

Correção

Improper Restriction of Excessive Authentication Attempts

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-307CWE-327

Identificadores relacionados

CVE-2019-5035

Produtos afetados

Nest Cam Iq Indoor

PT-2019-17421 · Nest · Nest Cam Iq Indoor

CVE-2019-5035

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3