Google: >> Nest Mini Security Vulnerabilities
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-08-19
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege
CVSS Score
10.0
EPSS Score
0.0
Published
2024-01-02