CVE-2024-44097

CRITICAL

Google Nest Doorbell (Battery) Firmware < 1.73c - Improper Certificate Validation

Title source: llm

Description

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server."

References (1)

Core 1

Core References

Vendor Advisory

https://support.google.com/product-documentation/answer/14950962?sjid=9489879942601373169-NA

Scores

CVSS v3 9.8

EPSS 0.0008

EPSS Percentile 22.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-269

Status published

Products (4)

google/nest_cam_\(indoor\,_wired\)_firmware < 1.73c

google/nest_cam_\(outdoor_or_indoor\,_battery\)_firmware < 1.73c

google/nest_cam_with_floodlight_firmware < 1.73c

google/nest_doorbell_\(battery\)_firmware < 1.73c

Published Oct 02, 2024

Tracked Since Feb 18, 2026