Security Advisory: Multiple Security Vulnerabilities in Google Nest Smart Cameras

Published: 2019-08-21

Vulnerability IDs and severity


CVE ID: CVE-2019-5043, severity: medium, CVSS score: not officially rated
CVE ID: CVE-2019-5034, severity: medium, CVSS score: not officially rated
CVE ID: CVE-2019-5040, severity: high, CVSS score: not officially rated
CVE ID: CVE-2019-5038, severity: high, CVSS score: not officially rated
CVE ID: CVE-2019-5039, severity: high, CVSS score: not officially rated
CVE ID: CVE-2019-5035, severity: critical, CVSS score: not officially rated
CVE ID: CVE-2019-5036, severity: high, CVSS score: not officially rated
CVE ID: CVE-2019-5037, severity: high, CVSS score: not officially rated


Affected versions


The following versions are affected:


Google Nest Cam IQ Indoor version 4620002
Openweave-core version 4.0.2


Vulnerability overview


Google Nest Cam IQ Indoor is an indoor camera made by Google (United States).


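Openweave-core is a home area network application and protocol stack. It is used mainly for asynchronous, symmetric, device-to-device and device-to-cloud communication for control-path and data-path messaging.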


CVE-2019-5043

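The Weave daemon in Google Nest Cam IQ Indoor version 4620002 has a resource management error vulnerability. The vulnerability stems from improper management of system resources (such as memory, disk space and files) by the network system or product.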


CVE-2019-5034

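The Weave Legacy Pairing functionality in Google Nest Cam IQ Indoor version 4620002 has a buffer error vulnerability. The vulnerability arises because the network system or product does not correctly validate data boundaries when operating on memory, so that incorrect read and write operations are performed on other, associated memory locations. An attacker can exploit this vulnerability to cause a buffer overflow, a heap overflow, or similar.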


CVE-2019-5040 

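The Weave MessageLayer parsing process in Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002 has an input validation error vulnerability. An attacker can exploit this vulnerability with a specially crafted weave packet to disclose information.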


CVE-2019-5038

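The print-tlv command of the Weave tool in Nest Labs Openweave-core version 4.0.2 has a buffer error vulnerability. An attacker can exploit this vulnerability to execute code by tricking a user into opening a specially crafted Weave command.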


CVE-2019-5039

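The ASN1 certificate writing functionality in Openweave-core version 4.0.2 has a buffer error vulnerability. An attacker can exploit this vulnerability with a specially crafted weave certificate to execute code.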


CVE-2019-5035

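The Weave PASE parsing functionality in Google Nest Labs Nest Cam IQ Indoor version 4620002 has an information disclosure vulnerability. An attacker can exploit this vulnerability with a specially crafted weave packet to obtain higher Weave access privileges and possibly take full control of the device.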


CVE-2019-5036

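The Weave error reporting functionality in Google Nest Labs Nest Cam IQ Indoor version 4620002 has an access control error vulnerability. An attacker can exploit this vulnerability with a specially crafted weave packet to close arbitrary Weave Exchange Sessions, resulting in a denial of service.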


CVE-2019-5037

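The Weave certificate loading functionality in Google Nest Cam IQ Indoor camera version 4620002 has an input validation error vulnerability. An attacker can exploit this vulnerability by sending a specially crafted packet to cause a denial of service.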


Vulnerability verification


No PoC/EXP is available at this time.


Remediation advice


The vendor has not yet released a fix for this security issue. Users of this software are advised to keep watching the vendor's home page or the reference URLs for a solution:


https://nest.com/

https://openweave.io/


Reference links


https://www.zdnet.com/article/vulnerabilities-in-google-nest-cam-iq-can-be-used-to-hijack-your-camera/