Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5043 | 1 Google | 2 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. | |||||
| CVE-2019-5037 | 1 Google | 2 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger. | |||||
| CVE-2019-5034 | 1 Google | 2 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2019-5035 | 1 Google | 2 Nest Cam Iq, Nest Cam Iq Indoor Firmware | 2023-12-10 | 6.8 MEDIUM | 9.0 CRITICAL |
| An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability. | |||||
| CVE-2019-5036 | 1 Google | 2 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability. | |||||
| CVE-2019-5040 | 2 Google, Openweave | 3 Nest Cam Iq Indoor, Nest Cam Iq Indoor Firmware, Openweave-core | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability. | |||||