Skip to main content

Nest Mini Firmware

2 CVEs product

Monthly

CVE-2024-32928 MEDIUM This Month

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google Nest Mini Firmware Libcurl
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-48419 CRITICAL Act Now

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Nest Audio Firmware Nest Mini Firmware Home Mini Firmware +1
NVD
CVSS 3.1
10.0
EPSS
0.0%
EPSS 0% CVSS 5.9
MEDIUM This Month

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google Nest Mini Firmware +1
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Nest Audio Firmware +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy