Recently, Lilith Wyatt and Claudio Bozzato from the Cisco Talos research team found eight vulnerabilities in Google Nest Cam IQ indoor networking camera (version 4620002), including three denial-of-service (DoS) vulnerabilities, two code execution Vulnerabilities and three vulnerabilities that can be used to steal information.
CVE-2019-5035 and CVE-2019-5040 are the two most serious vulnerabilities. Both can be triggered by specially crafted packets sent by hackers, these vulnerabilities allow hackers to extend Weave access and control devices, while the latter can help hackers read encrypted data.
The vulnerabilities mentioned in the article include Weaveegacy pairing vulnerability (CVE-2019-5034), DoS vulnerability in Weave TCP connection (CVE-2019-5043), WeaveKeyError DoS vulnerability in Weave error reporting function (CVE) -2019-5036), DoS vulnerability in Weave certificate loading component (CVE-2019-5037), Weave tool print-tlv command vulnerability (CVE-2019-5038), and Openweave-core (version 4.0.2) ASN1 Certificate Writing Functional Component Vulnerability (CVE-2019-5039).
Currently, device vendors have introduced relevant security patches and recommend that users update as soon as possible.