¹È¸èNestÖÇÄÜÉãÏñÍ·¶à¸öÇå¾²Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-08-21

? Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-5043£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5034£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5040£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5038£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5039£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5035£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5036£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5037£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


? Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


Google Nest Cam IQ Indoor 4620002°æ±¾
Openweave-core 4.0.2°æ±¾


Îó²î¸ÅÊö


Google Nest Cam IQ IndoorÊÇÃÀ¹ú¹È¸è£¨Google£©µÄÒ»¿îÊÒÄÚÉãÏñÍ·¡£¡£¡£¡£¡£¡£


Openweave-coreÊÇÒ»¸ö¼ÒÍ¥¾ÖÓòÍøÓ¦ÓÃЭÒéÕ»£¬£¬£¬£¬£¬£¬ËüÖ÷ÒªÓÃÓÚ¿ØÖÆ·¾¶ºÍÊý¾Ý·¾¶ÐÂÎÅת´ïµÄÒì²½¡¢¶Ô³Æ¡¢×°±¸µ½×°±¸ºÍ×°±¸µ½ÔƵÄͨѶ¡£¡£¡£¡£¡£¡£


CVE-2019-5043

Google Nest Cam IQ Indoor 4620002°æ±¾ÖеÄWeaveÊØ»¤Àú³Ì±£´æ×ÊÔ´ÖÎÀí¹ýʧÎó²î¡£¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·¶Ôϵͳ×ÊÔ´£¨ÈçÄÚ´æ¡¢´ÅÅ̿ռ䡢ÎļþµÈ£©µÄÖÎÀí²»µ±¡£¡£¡£¡£¡£¡£


CVE-2019-5034

Google Nest Cam IQ Indoor 4620002°æ±¾ÖеÄWeave Legacy Pairing¹¦Ð§±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÄÚ´æÉÏÖ´ÐвÙ×÷ʱ£¬£¬£¬£¬£¬£¬Î´×¼È·ÑéÖ¤Êý¾Ý½çÏߣ¬£¬£¬£¬£¬£¬µ¼ÖÂÏò¹ØÁªµÄÆäËûÄÚ´æλÖÃÉÏÖ´ÐÐÁ˹ýʧµÄ¶Áд²Ù×÷¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉʹÓøÃÎó²îµ¼Ö»º³åÇøÒç³ö»ò¶ÑÒç³öµÈ¡£¡£¡£¡£¡£¡£


CVE-2019-5040 

Openweave-core 4.0.2°æ±¾ºÍNest Cam IQ Indoor 4620002°æ±¾ÖеÄWeave MessageLayerÆÊÎöÀú³Ì±£´æÊäÈëÑéÖ¤¹ýʧÎó²î¡£¡£¡£¡£¡£¡£¹¥»÷Õ߿ɽèÖúÌØÖƵÄweaveÊý¾Ý°üʹÓøÃÎó²îй¶ÐÅÏ¢¡£¡£¡£¡£¡£¡£


CVE-2019-5038

Nest Labs Openweave-core 4.0.2°æ±¾ÖеÄWeave¹¤¾ßµÄprint-tlvÏÂÁî±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿Éͨ¹ýÓÕʹÓû§·­¿ªÌØÖƵÄWeaveÏÂÁîʹÓøÃÎó²îÖ´ÐдúÂë¡£¡£¡£¡£¡£¡£ 


CVE-2019-5039

Openweave-core 4.0.2°æ±¾ÖеÄASN1Ö¤ÊéÌÜд¹¦Ð§±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¡£¹¥»÷Õ߿ɽèÖúÌØÖƵÄweaveÖ¤ÊéʹÓøÃÎó²îÖ´ÐдúÂë¡£¡£¡£¡£¡£¡£


CVE-2019-5035

Google Nest Labs Nest Cam IQ Indoor 4620002°æ±¾ÖеÄWeave PASEÆÊÎö¹¦Ð§±£´æÐÅϢй¶Îó²î¡£¡£¡£¡£¡£¡£¹¥»÷Õ߿ɽèÖúÌØÖƵÄweaveÊý¾Ý°üʹÓøÃÎó²î»ñÈ¡¸ü¸ßµÄWeave»á¼ûȨÏÞ²¢¿ÉÄÜÍêÈ«¿ØÖÆ×°±¸¡£¡£¡£¡£¡£¡£


CVE-2019-5036

Google Nest Labs Nest Cam IQ Indoor version 4620002°æ±¾ÖеÄWeave¹ýʧ±¨¸æ¹¦Ð§±£´æ»á¼û¿ØÖƹýʧÎó²î¡£¡£¡£¡£¡£¡£¹¥»÷Õ߿ɽèÖúÌØÖƵÄweaveÊý¾Ý°üʹÓøÃÎó²î¹Ø±Õí§ÒâµÄWeave Exchange Session£¬£¬£¬£¬£¬£¬µ¼Ö¾ܾøЧÀÍ¡£¡£¡£¡£¡£¡£


CVE-2019-5037

Google Nest Cam IQ Indoor camera 4620002°æ±¾ÖеÄWeaveÖ¤Êé¼ÓÔع¦Ð§±£´æÊäÈëÑéÖ¤¹ýʧÎó²î¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿Éͨ¹ý·¢ËÍÌØÖƵÄÊý¾Ý°üʹÓøÃÎó²îÔì³É¾Ü¾øЧÀÍ¡£¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬£¬£¬£¬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£º


https://nest.com/

https://openweave.io/


²Î¿¼Á´½Ó


https://www.zdnet.com/article/vulnerabilities-in-google-nest-cam-iq-can-be-used-to-hijack-your-camera/