PT-2019-17422 · Nest · Nest Cam Iq Indoor

Claudio Bozzato

Published

2019-08-20

Updated

2022-06-27

CVE-2019-5036

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Nest Cam IQ Indoor version 4620002

Description A denial-of-service issue exists in the Weave error reporting functionality. It can be triggered by a specially crafted weave packet, causing an arbitrary Weave Exchange Session to close. This results in a denial of service. An attacker can exploit this by sending a specially crafted packet.

Recommendations For Nest Cam IQ Indoor version 4620002, consider disabling the Weave error reporting functionality as a temporary workaround until a patch is available. Restrict access to the Weave Exchange Session to minimize the risk of exploitation. Avoid using specially crafted weave packets in the affected functionality until the issue is resolved.

Exploit

Fix

Improper Access Control

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-346

Related Identifiers

CVE-2019-5036

Affected Products

Nest Cam Iq Indoor

PT-2019-17422 · Nest · Nest Cam Iq Indoor

CVE-2019-5036

Weakness Enumeration

Related Identifiers

Affected Products

References · 3