Weave PASE Pairing Vulnerability in Nest Cam IQ Indoor

Weave PASE Pairing Vulnerability in Nest Cam IQ Indoor

CVE-2019-5035 · CRITICAL Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability.

Learn more about our Web Application Penetration Testing UK.