CRITICAL🇵🇱 Wersja polska

CVE-2023-6339

CVSS 10.0v3.1pub. 2024-01-02upd. 2024-11-21

Google Nest WiFi Pro root code-execution & user-data compromise

🤖 AI Analysis
How it works

The vulnerability is related to lack of encryption of sensitive data (CWE-311), which may enable interception or manipulation of device communication. The flaw allows an unauthenticated remote attacker to execute arbitrary code in a privileged (root) context on the device. The scope of the attack extends beyond the device itself (Scope: Changed), meaning potential impact on other systems in the network.

Impact

An attacker can gain full control of the device with root privileges, leading to complete breach of confidentiality, integrity, and availability of the system and user data stored or transmitted through the router.

Mitigation & patch

Apply patches available from the manufacturer according to the references (https://support.google.com/product-documentation/answer/14273332). It is recommended to immediately update the device firmware to the version indicated by Google as secure.

Who is affected

Google Nest WiFi Pro and its firmware – specific versions indicated in manufacturer references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Google Nest Wifi Pro

    HW
    Google
    wszystkie wersje
  • Google Nest Wifi Pro Firmware

    OS
    Google
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-22004CRITICAL10.0PL ✓ten sam produkt

Wyciek pamięci Trusted Application w urządzeniach Google Nest Wifi

CVE-2024-22013MEDIUM5.3ten sam produkt

U-Boot environment is read from unauthenticated partition.

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2024-7971CRITICAL9.6⚠ KEVPL ✓ten sam vendor

Type confusion w V8 (Google Chrome/Edge) umożliwiający heap corruption

CVE-2024-5274CRITICAL9.6⚠ KEVPL ✓ten sam vendor

Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML