GCVE - cpe:2.3:a:n/a:nest_labs:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:nest_labs:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Nest Labs (`5bb786b6-9a6f-529d-a7eb-fd2a3216fb46`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-5043`	vulnerable	2026-06-08 05:13:57.589582	Details available MEDIUM (5.3) An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. Published: 2019-10-31T20:02:30.000Z Updated: 2024-08-04T19:47:55.624Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0810	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5040`	vulnerable	2026-06-08 05:13:57.585147	Details available HIGH (8.2) An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability. Published: 2019-08-20T20:42:39.000Z Updated: 2024-08-04T19:40:49.003Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0803	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5039`	vulnerable	2026-06-08 05:13:57.584579	Details available HIGH (7.5) An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability. Published: 2019-08-20T20:39:41.000Z Updated: 2024-08-04T19:40:49.152Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0802	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5038`	vulnerable	2026-06-08 05:13:57.582361	Details available HIGH (7.5) An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command. Published: 2019-08-20T20:39:27.000Z Updated: 2024-08-04T19:40:49.275Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0801	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5037`	vulnerable	2026-06-08 05:13:57.582015	Details available HIGH (7.5) An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger. Published: 2019-08-20T20:39:57.000Z Updated: 2024-08-04T19:40:49.265Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0800	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5036`	vulnerable	2026-06-08 05:13:57.581415	Details available HIGH (7.5) An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability. Published: 2019-08-20T21:08:40.000Z Updated: 2024-08-04T19:40:49.272Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0799	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5035`	vulnerable	2026-06-08 05:13:57.579719	Details available CRITICAL (9) An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability. Published: 2019-08-20T21:07:51.000Z Updated: 2024-08-04T19:40:49.376Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0798	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-5034`	vulnerable	2026-06-08 05:13:57.578060	Details available MEDIUM (5.3) An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability. Published: 2019-08-20T21:07:10.000Z Updated: 2024-08-04T19:40:49.198Z Open on db.gcve.eu Reference links https://talosintelligence.com/vulnerability_reports/TALOS-2019-0797	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.