← Volver a CVEs
CVE-2019-5035
CRITICAL9.0
Descripcion
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability.
Detalles CVE
Puntuacion CVSS v3.19.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/20/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
google:nest_cam_iqgoogle:nest_cam_iq_indoor_firmware
Debilidades (CWE)
CWE-307CWE-327
Referencias
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0798(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0798(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.