CVE-2019-5038
published 2019-08-20CVE-2019-5038: An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer…
PriorityP350high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
2.72%
84.2th percentile
An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openweave | openweave-core | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
blogs_talos·2019-08-19·CVSS 5.3
[MEDIUM] Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered multiple vulnerabilities in the Nest Cam IQ Indoor camera. One of Nest Labs’ most advanced internet-of-things devices, the Nest Cam IQ Indoor integrates Security-Enhanced Linux in Android, Google Assistant, and even facial recognition all into a compact security camera. It primarily uses the Weave protocol for setup and initial communications with other Nest devices over TCP, UDP, Bluetooth and 6lowpan. Most of these vulnerabilities lie in the weave binary of the camera, however, there are some that also apply to the weave-tool binary. It is important to note that while the
weave-tool binary also lives on the camera and is vulnerable, it is not normally exploitable as it requ
Talos
Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
blogs_talos·2019-08-19·CVSS 5.3
[MEDIUM] Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
## Vulnerability Spotlight: Multiple bugs in OpenWeave and Nest Labs Nest Cam IQ indoor camera
Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered multiple vulnerabilities in the Nest Cam IQ Indoor camera. One of Nest Labs’ most advanced internet-of-things devices, the Nest Cam IQ Indoor integrates Security-Enhanced Linux in Android, Google Assistant, and even facial recognition all into a compact security camera. It primarily uses the Weave protocol for setup and initial communications with other Nest devices over TCP, UDP, Bluetooth and 6lowpan. Most of these vulnerabilities lie in the weave binary of the camera, however, there are some that also apply to the weave-tool binary. It is important to note that while the
weave-t
2019-08-20
Published