CVE-2019-5035

Summary

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aNest LabsNest Labs Nest Cam IQ Indoor version 4620002affected

Weaknesses

  • CWE-307: CWE-307: Improper Restriction of Excessive Authentication Attempts

ADP Enrichment

CVE Program Container

Additional References

References