Cisco Talos has uncovered multiple vulnerabilities in the Nest Cam IQ Indoor camera that can enable a denial of service situation or enable code execution for an unauthorized user.
The two most critical issues are CVE-2019-5035, which holds a CVSS 9.0 rating and CVE-2019-5040, CVSS 8.5.
The first issue is exploitable information disclosure vulnerability in the Weave PASE pairing functionality camera which can be exploited by a set of specially crafted weave packets that can brute force a pairing code, resulting in greater Weave access and potentially full device control. This can be triggered when an attacker sends specially crafted packets.
CVE-2019-5040 can also be exploited through specially crafted weave packets. In this case an exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and the Nest Cam resulting in PacketBuffer data reuse enabling possible information disclosure.
The less critical vulnerabilities are:
- CVE-2019-5043 – a TCP connection denial-of-service vulnerability.
- CVE-2019-5034 – a pairing information disclosure vulnerability.
- CVE-2019-5036 – a denial-of-service vulnerability.
- CVE-2019-5037 – a denial-of-service vulnerability.
- CVE-2019-5038 – a code execution vulnerability.
- CVE-2019-5039 – code execution vulnerability.