Recently, Lilith Wyatt and Claudio Bozzato from Cisco Talos research team found that a Google Nest Cam IQ eight vulnerabilities indoor network camera (version 4620002), in which three denial of service (DoS) vulnerabilities, two, and three code execution vulnerabilities vulnerabilities that can be used to steal information.
CVE-2019-5035 and CVE-2019-5040 are the two most serious vulnerabilities. Special data packet can be transmitted both triggered by a hacker, the hacker could allow expansion and Weave access control device, which can help the hacker to read the encrypted data.
Mentioned in the article vulnerabilities include Weaveegacy pairing Vulnerability (CVE-2019-5034), Weave TCP DoS Vulnerability (CVE-2019-5043) connections, Weave error reporting in WeaveKeyError DoS Vulnerability (CVE-2019-5036), DoS weaving certificate loaded components (CVE-2019-5037) vulnerability in weaving tools print-tlv command vulnerability (CVE-2019-5038) and Openweave-core (version 4.0.2) ASN1 certificate written in the functional components vulnerability (CVE-2019 --5039).
Currently, equipment suppliers have introduced relevant security patches, and recommends that users update as soon as possible.