你要瀏覽的網頁目前並未提供你慣用的語言版本。你可以在頁面底部選取其他語言版本,或使用 Google Chrome 內建的翻譯功能,將網頁內容即時翻譯成所選的語言。

Nest Security Bulletin—December 2023

Published December 11, 2023

You can find past Nest Security Bulletins in the archive.

This Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest’s connected home devices.The vulnerabilities listed in this bulletin have been addressed. Devices started receiving (Over-the-Air) OTA updates in December 2023.

Security Patches

Vulnerabilities are grouped under the device family group and component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, and severity.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.

Speakers

Software version 2.58

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

List of Devices included in the update

System

CVE 

Type 

Severity

CVE-2023-48419

EoP

High

CVE-2023-5129 RCE High
 

Cameras & Doorbells

Software Version 1.69c

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

List of Devices included in the update

Nest Doorbell (battery)

Nest Cam (outdoor or indoor, battery).     

Nest Cam with floodlight

Nest Cam (indoor, wired)

System

CVE 

Type 

Severity

CVE-2019-12900

RCE

High 

 

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

Find your device's firmware version

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available 

Get help

Get answers from experts on the Google Nest Community or contact us.

Search
Clear search
Close search
Main menu
12902594140846279596
true
搜尋說明中心
true
true
true
false
false