All the vulnerabilities related to google - chromecast_firmware
Vulnerability from fkie_nvd
Published
2023-12-11 06:15
Modified
2024-11-21 08:31
Summary
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application
References
Impacted products
Vendor | Product | Version |
---|---|---|
google | chromecast_firmware | * |
google | chromecast | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:chromecast_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DE9FBBE-6CAD-4FBB-81AE-38F54D5CF228", "versionEndExcluding": "2023-10-01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:google:chromecast:-:*:*:*:*:*:*:*", "matchCriteriaId": "256DBC65-47FC-4E97-AD1B-659F3B239AFB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application" }, { "lang": "es", "value": "Verificaciones de permisos faltantes que resultan en acceso no autorizado y manipulaci\u00f3n en la aplicaci\u00f3n KeyChainActivity" } ], "id": "CVE-2023-48417", "lastModified": "2024-11-21T08:31:40.457", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-11T06:15:42.667", "references": [ { "source": "dsap-vuln-management@google.com", "tags": [ "Vendor Advisory" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ], "sourceIdentifier": "dsap-vuln-management@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-11 06:15
Modified
2024-11-21 08:43
Summary
An oversight in BCB handling of reboot reason that allows for persistent code execution
References
Impacted products
Vendor | Product | Version |
---|---|---|
google | chromecast_firmware | * |
google | chromecast | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:chromecast_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DE9FBBE-6CAD-4FBB-81AE-38F54D5CF228", "versionEndExcluding": "2023-10-01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:google:chromecast:-:*:*:*:*:*:*:*", "matchCriteriaId": "256DBC65-47FC-4E97-AD1B-659F3B239AFB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An oversight in BCB handling of reboot reason that allows for persistent code execution" }, { "lang": "es", "value": "Un descuido en el manejo del BCB del motivo de reinicio que permite la ejecuci\u00f3n persistente del c\u00f3digo." } ], "id": "CVE-2023-6181", "lastModified": "2024-11-21T08:43:18.390", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-11T06:15:42.893", "references": [ { "source": "dsap-vuln-management@google.com", "tags": [ "Vendor Advisory" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ], "sourceIdentifier": "dsap-vuln-management@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-25 02:29
Modified
2024-11-21 03:45
Summary
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.
References
Impacted products
Vendor | Product | Version |
---|---|---|
google | chromecast_firmware | - |
google | chromecast | - |
google | home_firmware | - |
google | home | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:chromecast_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "134970F5-6E61-445C-8D2E-D949B7FE1214", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:google:chromecast:-:*:*:*:*:*:*:*", "matchCriteriaId": "256DBC65-47FC-4E97-AD1B-659F3B239AFB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:home_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FB2CCA0-DF27-47F2-9BFE-8E20372F8D14", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:google:home:-:*:*:*:*:*:*:*", "matchCriteriaId": "432EEFBF-0A5C-4271-A192-E25E60838844", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request." }, { "lang": "es", "value": "El servicio API en dispositivos Google Home y Chromecast anteriores a mediados de julio de 2018 no evita ataques de reenlace DNS al leer los datos JSON scan_results. Esto permite que atacantes remotos determinen la ubicaci\u00f3n f\u00edsica de la mayor parte de navegadores web aprovechando la presencia de uno de estos dispositivos en su red local, extrayendo los campos bssid scan_results y envi\u00e1ndolos en una petici\u00f3n geolocation/v1/geolocate de la API Geolocation de Google Maps." 
} ], "id": "CVE-2018-12716", "lastModified": "2024-11-21T03:45:43.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-25T02:29:00.223", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/" }, { "source": "cve@mitre.org", "url": "https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": 
"https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-11 06:15
Modified
2024-11-21 08:31
Summary
U-Boot vulnerability resulting in persistent Code Execution
References
Impacted products
Vendor | Product | Version |
---|---|---|
google | chromecast_firmware | * |
google | chromecast | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:chromecast_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DE9FBBE-6CAD-4FBB-81AE-38F54D5CF228", "versionEndExcluding": "2023-10-01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:google:chromecast:-:*:*:*:*:*:*:*", "matchCriteriaId": "256DBC65-47FC-4E97-AD1B-659F3B239AFB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "U-Boot vulnerability resulting in persistent Code Execution\u00a0" }, { "lang": "es", "value": "Vulnerabilidad de U-Boot que resulta en una ejecuci\u00f3n de c\u00f3digo persistente" } ], "id": "CVE-2023-48425", "lastModified": "2024-11-21T08:31:41.843", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-11T06:15:42.813", "references": [ { "source": "dsap-vuln-management@google.com", "tags": [ "Vendor Advisory" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ], "sourceIdentifier": "dsap-vuln-management@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-11 06:15
Modified
2024-11-21 08:31
Summary
U-Boot shell vulnerability resulting in Privilege escalation in a production device
References
Impacted products
Vendor | Product | Version |
---|---|---|
google | chromecast_firmware | * |
google | chromecast | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:google:chromecast_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DE9FBBE-6CAD-4FBB-81AE-38F54D5CF228", "versionEndExcluding": "2023-10-01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:google:chromecast:-:*:*:*:*:*:*:*", "matchCriteriaId": "256DBC65-47FC-4E97-AD1B-659F3B239AFB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "U-Boot shell vulnerability resulting in Privilege escalation in a production device" }, { "lang": "es", "value": "Vulnerabilidad del shell U-Boot que provoca una escalada de privilegios en un dispositivo de producci\u00f3n" } ], "id": "CVE-2023-48424", "lastModified": "2024-11-21T08:31:41.720", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-11T06:15:42.767", "references": [ { "source": "dsap-vuln-management@google.com", "tags": [ "Vendor Advisory" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ], "sourceIdentifier": "dsap-vuln-management@google.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2023-6181
Vulnerability from cvelistv5
Published
2023-12-11 05:17
Modified
2024-08-02 08:21
Summary
An oversight in BCB handling of reboot reason that allows for persistent code execution
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:21:17.796Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "Android SoC" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An oversight in BCB handling of reboot reason that allows for persistent code execution" } ], "value": "An oversight in BCB handling of reboot reason that allows for persistent code execution" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-11T05:17:05.043Z", "orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "assignerShortName": "Google_Devices", "cveId": "CVE-2023-6181", "datePublished": "2023-12-11T05:17:05.043Z", "dateReserved": "2023-11-16T19:53:59.529Z", "dateUpdated": "2024-08-02T08:21:17.796Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48424
Vulnerability from cvelistv5
Published
2023-12-11 05:13
Modified
2024-08-02 21:30
Summary
U-Boot shell vulnerability resulting in Privilege escalation in a production device
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:30:34.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "Android SoC" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "U-Boot shell vulnerability resulting in Privilege escalation in a production device" } ], "value": "U-Boot shell vulnerability resulting in Privilege escalation in a production device" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-11T05:13:01.011Z", "orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "assignerShortName": "Google_Devices", "cveId": "CVE-2023-48424", "datePublished": "2023-12-11T05:13:01.011Z", "dateReserved": "2023-11-16T16:28:09.702Z", "dateUpdated": "2024-08-02T21:30:34.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48417
Vulnerability from cvelistv5
Published
2023-12-11 05:09
Modified
2024-08-02 21:30
Summary
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:30:34.916Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "Android SoC" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application" } ], "value": "Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-11T05:09:59.659Z", "orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "assignerShortName": "Google_Devices", "cveId": "CVE-2023-48417", "datePublished": "2023-12-11T05:09:48.557Z", "dateReserved": "2023-11-16T16:28:09.701Z", "dateUpdated": "2024-08-02T21:30:34.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12716
Vulnerability from cvelistv5
Published
2018-06-25 02:00
Modified
2024-09-17 01:15
Summary
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:45:02.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-25T02:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/", "refsource": "MISC", "url": "https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/" }, { "name": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325", "refsource": "MISC", "url": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" }, { "name": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/", "refsource": "MISC", "url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/" }, { "name": "https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home/", "refsource": "MISC", "url": "https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12716", "datePublished": "2018-06-25T02:00:00Z", "dateReserved": "2018-06-24T00:00:00Z", "dateUpdated": "2024-09-17T01:15:52.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48425
Vulnerability from cvelistv5
Published
2023-12-11 05:15
Modified
2024-08-02 21:30
Summary
U-Boot vulnerability resulting in persistent Code Execution
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:30:34.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "Android SoC" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "U-Boot vulnerability resulting in persistent Code Execution\u0026nbsp;" } ], "value": "U-Boot vulnerability resulting in persistent Code Execution\u00a0" } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-11T05:15:59.638Z", "orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/chromecast/2023-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "assignerShortName": "Google_Devices", "cveId": "CVE-2023-48425", "datePublished": "2023-12-11T05:15:59.638Z", "dateReserved": "2023-11-16T16:28:09.702Z", "dateUpdated": "2024-08-02T21:30:34.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }