Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Nest Wifi Pro by Google
CVE-2024-22013 (GCVE-0-2024-22013)
Vulnerability from nvd – Published: 2024-09-16 19:52 – Updated: 2024-11-06 21:06
VLAI
EPSS
VEX
Summary
U-Boot environment is read from unauthenticated partition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-noinfo Not enough information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nest Wifi Pro |
Affected:
3.73.424613
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:07:50.245315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:06:31.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nest Wifi Pro",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "3.73.424613"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eU-Boot environment is read from unauthenticated partition.\u003c/p\u003e"
}
],
"value": "U-Boot environment is read from unauthenticated partition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T19:52:33.764Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://support.google.com/product-documentation/answer/14950962?hl=en\u0026ref_topic=12974021\u0026sjid=9595902703262170957-NA#zippy=%2Cwifi"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-22013",
"datePublished": "2024-09-16T19:52:33.764Z",
"dateReserved": "2024-01-03T21:00:57.456Z",
"dateUpdated": "2024-11-06T21:06:31.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22004 (GCVE-0-2024-22004)
Vulnerability from nvd – Published: 2024-04-05 18:03 – Updated: 2024-08-01 22:35
VLAI
EPSS
VEX
Title
Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read
Summary
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nest Wifi Pro |
Affected:
v11
|
||
| nest_wifi_pro_firmware |
Affected:
11
cpe:2.3:o:google:nest_wifi_pro_firmware:11:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:nest_wifi_pro_firmware:11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nest_wifi_pro_firmware",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T15:53:35.353686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T15:55:01.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.google.com/product-documentation/answer/14580222?hl=en\u0026ref_topic=12974021\u0026sjid=10751611047462550096-NA"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nest Wifi Pro",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ememory from the Trusted Application\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure\u00a0memory from the Trusted Application\n"
}
],
"impacts": [
{
"capecId": "CAPEC-456",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-456 Infected Memory"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T18:03:23.151Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://support.google.com/product-documentation/answer/14580222?hl=en\u0026ref_topic=12974021\u0026sjid=10751611047462550096-NA"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-22004",
"datePublished": "2024-04-05T18:03:23.151Z",
"dateReserved": "2024-01-03T21:00:57.455Z",
"dateUpdated": "2024-08-01T22:35:34.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22013 (GCVE-0-2024-22013)
Vulnerability from cvelistv5 – Published: 2024-09-16 19:52 – Updated: 2024-11-06 21:06
VLAI
EPSS
VEX
Summary
U-Boot environment is read from unauthenticated partition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-noinfo Not enough information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nest Wifi Pro |
Affected:
3.73.424613
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T18:07:50.245315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:06:31.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nest Wifi Pro",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "3.73.424613"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eU-Boot environment is read from unauthenticated partition.\u003c/p\u003e"
}
],
"value": "U-Boot environment is read from unauthenticated partition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T19:52:33.764Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://support.google.com/product-documentation/answer/14950962?hl=en\u0026ref_topic=12974021\u0026sjid=9595902703262170957-NA#zippy=%2Cwifi"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-22013",
"datePublished": "2024-09-16T19:52:33.764Z",
"dateReserved": "2024-01-03T21:00:57.456Z",
"dateUpdated": "2024-11-06T21:06:31.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22004 (GCVE-0-2024-22004)
Vulnerability from cvelistv5 – Published: 2024-04-05 18:03 – Updated: 2024-08-01 22:35
VLAI
EPSS
VEX
Title
Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read
Summary
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nest Wifi Pro |
Affected:
v11
|
||
| nest_wifi_pro_firmware |
Affected:
11
cpe:2.3:o:google:nest_wifi_pro_firmware:11:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:nest_wifi_pro_firmware:11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nest_wifi_pro_firmware",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "11"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T15:53:35.353686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T15:55:01.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.google.com/product-documentation/answer/14580222?hl=en\u0026ref_topic=12974021\u0026sjid=10751611047462550096-NA"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nest Wifi Pro",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "v11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ememory from the Trusted Application\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure\u00a0memory from the Trusted Application\n"
}
],
"impacts": [
{
"capecId": "CAPEC-456",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-456 Infected Memory"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-05T18:03:23.151Z",
"orgId": "83238938-5644-45f0-9007-c0392bcf6222",
"shortName": "Google_Devices"
},
"references": [
{
"url": "https://support.google.com/product-documentation/answer/14580222?hl=en\u0026ref_topic=12974021\u0026sjid=10751611047462550096-NA"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222",
"assignerShortName": "Google_Devices",
"cveId": "CVE-2024-22004",
"datePublished": "2024-04-05T18:03:23.151Z",
"dateReserved": "2024-01-03T21:00:57.455Z",
"dateUpdated": "2024-08-01T22:35:34.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}