Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera

Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in the Nest Cam IQ Indoor camera. One of Nest Labs’ most advanced internet-of-things devices, the Nest Cam IQ Indoor integrates Security-Enhanced Linux in...

Nest Labs Openweave Weave ASN1Writer PutValue Code Execution Vulnerability

Summary An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to...

Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability

Talos Vulnerability Report TALOS-2019-0811 Nest Labs Nest Cam IQ indoor Weave CASE nlWeaveCertificate authentication bypass vulnerability August 19, 2019 CVE Number CVE-2019-5044 Summary An exploitable certificate authentication vulnerability exists in the Weave CASE Pairing function of the Nest...

Nest Labs Nest Cam IQ Indoor Weave PASE pairing brute force vulnerability

Summary An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An...

Nest Labs Nest Cam IQ Indoor Weave TCP connection denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability...

Nest Labs Openweave-core Weave Tool Code Execution Vulnerability

Openweave-core is a home LAN application stack for asynchronous, symmetric, device-to-device and device-to-cloud communication for control path and data path messaging. A code execution vulnerability in the print-tlv command of the Weave tool in Nest Labs Openweave-core version 4.0.2 can be...

Nest Labs Openweave Weave DecodeMessageWithLength Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker c...

Nest Labs Openweave Weave tool Print-TLV code execution vulnerability

Summary An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted...

Nest Labs Communication Detection

Binary data 8836.prm...

Nest Labs Mobile Application Detection (deprecated)

Binary data 8838.prm...

Nest Labs Appliance Detection

Binary data 8837.prm...