ГлавнаяУязвимости → CVE-2024-44097
9.8критическая

CVE-2024-44097

Описание

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server."

Затрагиваемое ПО
Google Nest doorbell \(battery\) firmwareGoogle Nest doorbell \(battery\)Google Nest cam \(outdoor or indoor\, battery\) firmwareGoogle Nest cam \(outdoor or indoor\, battery\)Google Nest cam with floodlight firmwareGoogle Nest cam with floodlightGoogle Nest cam \(indoor\, wired\) firmwareGoogle Nest cam \(indoor\, wired\)
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://support.google.com/product-documentation/answer/14950962?sjid=9489879942601373169-NA