Denial-of-Service Vulnerability in Nest Cam IQ Indoor Camera by Google
CVE-2019-5037

7.5HIGH

Key Information:

Vendor: Google
Status: Nest Labs
Vendor: CVE Published:; 20 August 2019

Summary

A vulnerability within the Weave certificate loading functionality of the Nest Cam IQ Indoor camera allows for an exploitable denial-of-service condition. By crafting a specific Weave packet, an attacker can exploit an integer overflow, leading to an out-of-bounds read on unmapped memory. This situation can ultimately result in a denial of service, disrupting the normal functioning of the camera. Users should ensure their devices are updated to mitigate this risk.

Affected Version(s)

Nest Labs Nest Labs Nest Cam IQ Indoor version 4620002

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2019
Vulnerability Reserved
Jan 4, 2019