PT-2019-17421 · Nest · Nest Cam Iq Indoor

Published

2019-08-20

Updated

2022-06-27

CVE-2019-5035

CVSS v3.1

9.0

Critical

Vector

AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Nest Cam IQ Indoor version 4620002

Description An information disclosure issue exists in the Weave PASE pairing functionality. It can be exploited by sending specially crafted weave packets to brute force a pairing code, potentially leading to greater Weave access and full device control.

Recommendations For Nest Cam IQ Indoor version 4620002, consider restricting access to the Weave PASE pairing functionality until a patch is available. As a temporary workaround, avoid using the Weave PASE pairing feature to minimize the risk of exploitation.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307CWE-327

Related Identifiers

CVE-2019-5035

Affected Products

Nest Cam Iq Indoor

PT-2019-17421 · Nest · Nest Cam Iq Indoor

CVE-2019-5035

Weakness Enumeration

Related Identifiers

Affected Products

References · 3