Cisco Talos has uncovered multiple vulnerabilities in the Nest Cam IQ Indoor camera that can cause a denial of service or allow an unauthorized user to execute code.
Camera version 4620002 is affected by the vulnerabilities. Cisco Talos has disclosed them and worked with the Nest team, so a patch is available.
The two most critical issues are CVE-2019-5035, which holds a CVSS 9.0 rating, and CVE-2019-5040, rated CVSS 8.5.
The first issue is an exploitable information disclosure vulnerability in the camera's Weave PASE pairing functionality. An attacker who sends a set of specially crafted Weave packets can brute-force a pairing code, resulting in greater Weave access and potentially full device control.
CVE-2019-5040 can also be exploited through specially crafted Weave packets. In this case, an exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and the Nest Cam, resulting in PacketBuffer data reuse that enables possible information disclosure.
The less critical vulnerabilities are:
- CVE-2019-5043 – a TCP connection denial-of-service vulnerability.
- CVE-2019-5034 – a pairing information disclosure vulnerability.
- CVE-2019-5036 – a denial-of-service vulnerability.
- CVE-2019-5037 – a denial-of-service vulnerability.
- CVE-2019-5038 – a code execution vulnerability.
- CVE-2019-5039 – a code execution vulnerability.