Nest Wifi Pro Firmware
CVE-2024-22013
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (google) · only source for this CVE.
CVSS VectorVendor: google
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
U-Boot environment is read from unauthenticated partition.
AnalysisAI
U-Boot environment is read from unauthenticated partition. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Affected products include: Google Nest Wifi Pro Firmware, Google Nest Wifi Point Firmware, Google Nest Wifi Router Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Nest Wifi Pro Firmware
View allGoogle Nest WiFi Pro root code-execution & user-data compromise. Rated critical severity (CVSS 10.0), this vulnerability
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today