¹È¸èNestÖÇÄÜÉãÏñÍ·¶à¸öÇå¾²Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-08-21

? Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-5043£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5034£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5040£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5038£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5039£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5035£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5036£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-5037£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


? Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


Google Nest Cam IQ Indoor 4620002°æ±¾
Openweave-core 4.0.2°æ±¾


Îó²î¸ÅÊö


Google Nest Cam IQ IndoorÊÇÃÀ¹ú¹È¸è£¨Google£©µÄÒ»¿îÊÒÄÚÉãÏñÍ·¡£¡£¡£¡£¡£


Openweave-coreÊÇÒ»¸ö¼ÒÍ¥¾ÖÓòÍøÓ¦ÓÃЭÒéÕ»£¬£¬£¬£¬£¬ËüÖ÷ÒªÓÃÓÚ¿ØÖÆ·¾¶ºÍÊý¾Ý·¾¶ÐÂÎÅת´ïµÄÒì²½¡¢¶Ô³Æ¡¢×°±¸µ½×°±¸ºÍ×°±¸µ½ÔƵÄͨѶ¡£¡£¡£¡£¡£


CVE-2019-5043

Google Nest Cam IQ Indoor 4620002°æ±¾ÖеÄWeaveÊØ»¤Àú³Ì±£´æ×ÊÔ´ÖÎÀí¹ýʧÎó²î¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·¶Ôϵͳ×ÊÔ´£¨ÈçÄÚ´æ¡¢´ÅÅ̿ռ䡢ÎļþµÈ£©µÄÖÎÀí²»µ±¡£¡£¡£¡£¡£


CVE-2019-5034

Google Nest Cam IQ Indoor 4620002°æ±¾ÖеÄWeave Legacy Pairing¹¦Ð§±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÄÚ´æÉÏÖ´ÐвÙ×÷ʱ£¬£¬£¬£¬£¬Î´×¼È·ÑéÖ¤Êý¾Ý½çÏߣ¬£¬£¬£¬£¬µ¼ÖÂÏò¹ØÁªµÄÆäËûÄÚ´æλÖÃÉÏÖ´ÐÐÁ˹ýʧµÄ¶Áд²Ù×÷¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉʹÓøÃÎó²îµ¼Ö»º³åÇøÒç³ö»ò¶ÑÒç³öµÈ¡£¡£¡£¡£¡£


CVE-2019-5040 

Openweave-core 4.0.2°æ±¾ºÍNest Cam IQ Indoor 4620002°æ±¾ÖеÄWeave MessageLayerÆÊÎöÀú³Ì±£´æÊäÈëÑéÖ¤¹ýʧÎó²î¡£¡£¡£¡£¡£¹¥»÷Õ߿ɽèÖúÌØÖƵÄweaveÊý¾Ý°üʹÓøÃÎó²îй¶ÐÅÏ¢¡£¡£¡£¡£¡£


CVE-2019-5038

Nest Labs Openweave-core 4.0.2°æ±¾ÖеÄWeave¹¤¾ßµÄprint-tlvÏÂÁî±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¹¥»÷Õß¿Éͨ¹ýÓÕʹÓû§·­¿ªÌØÖƵÄWeaveÏÂÁîʹÓøÃÎó²îÖ´ÐдúÂë¡£¡£¡£¡£¡£ 


CVE-2019-5039

Openweave-core 4.0.2°æ±¾ÖеÄASN1Ö¤ÊéÌÜд¹¦Ð§±£´æ»º³åÇø¹ýʧÎó²î¡£¡£¡£¡£¡£¹¥»÷Õ߿ɽèÖúÌØÖƵÄweaveÖ¤ÊéʹÓøÃÎó²îÖ´ÐдúÂë¡£¡£¡£¡£¡£


CVE-2019-5035

Google Nest Labs Nest Cam IQ Indoor 4620002°æ±¾ÖеÄWeave PASEÆÊÎö¹¦Ð§±£´æÐÅϢй¶Îó²î¡£¡£¡£¡£¡£¹¥»÷Õ߿ɽèÖúÌØÖƵÄweaveÊý¾Ý°üʹÓøÃÎó²î»ñÈ¡¸ü¸ßµÄWeave»á¼ûȨÏÞ²¢¿ÉÄÜÍêÈ«¿ØÖÆ×°±¸¡£¡£¡£¡£¡£


CVE-2019-5036

Google Nest Labs Nest Cam IQ Indoor version 4620002°æ±¾ÖеÄWeave¹ýʧ±¨¸æ¹¦Ð§±£´æ»á¼û¿ØÖƹýʧÎó²î¡£¡£¡£¡£¡£¹¥»÷Õ߿ɽèÖúÌØÖƵÄweaveÊý¾Ý°üʹÓøÃÎó²î¹Ø±Õí§ÒâµÄWeave Exchange Session£¬£¬£¬£¬£¬µ¼Ö¾ܾøЧÀÍ¡£¡£¡£¡£¡£


CVE-2019-5037

Google Nest Cam IQ Indoor camera 4620002°æ±¾ÖеÄWeaveÖ¤Êé¼ÓÔع¦Ð§±£´æÊäÈëÑéÖ¤¹ýʧÎó²î¡£¡£¡£¡£¡£¹¥»÷Õß¿Éͨ¹ý·¢ËÍÌØÖƵÄÊý¾Ý°üʹÓøÃÎó²îÔì³É¾Ü¾øЧÀÍ¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬£¬£¬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£º


https://nest.com/

https://openweave.io/


²Î¿¼Á´½Ó


https://www.zdnet.com/article/vulnerabilities-in-google-nest-cam-iq-can-be-used-to-hijack-your-camera/