CVE-2023-2626: Nest Security Bulletin—June 2023
There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Affected devices have been mitigated through an automatic update beyond the affected range.
Published June 22, 2023
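The summary above turns on the Key Identifier Mode carried in each secured radio frame. As an added example (not part of the bulletin and not Google or OpenThread code), the following monitoring-side check decodes the IEEE 802.15.4-2006 auxiliary security header from captured MAC frames and lists those using Key ID Mode 2 for review. The field layout comes from the IEEE 802.15.4 standard rather than from this bulletin; the function names and sample frames are constructed here, and only frame version 1 is handled.

```python
import struct

ADDR_LEN = {0: 0, 2: 2, 3: 8}            # addressing mode -> address length in bytes
KEY_ID_LEN = {0: 0, 1: 1, 2: 5, 3: 9}    # key identifier mode -> key identifier length

def parse_aux_security(frame: bytes):
    """Decode the aux security header of an 802.15.4-2006 frame; None if unsecured."""
    if len(frame) < 3:
        raise ValueError("truncated MAC header")
    (fcf,) = struct.unpack_from("<H", frame, 0)
    dst_mode, version, src_mode = (fcf >> 10) & 3, (fcf >> 12) & 3, (fcf >> 14) & 3
    if version != 1 or 1 in (dst_mode, src_mode):
        raise ValueError("unsupported frame version or reserved addressing mode")
    if not fcf & 0x0008:                  # Security Enabled bit clear
        return None
    off = 3                               # frame control (2) + sequence number (1)
    if dst_mode:
        off += 2 + ADDR_LEN[dst_mode]     # destination PAN ID + address
    if src_mode:                          # source PAN ID omitted if PAN ID Compression set
        off += (0 if fcf & 0x0040 else 2) + ADDR_LEN[src_mode]
    if len(frame) < off + 5:
        raise ValueError("truncated auxiliary security header")
    control = frame[off]
    mode = (control >> 3) & 3             # bits 3-4: Key Identifier Mode
    end = off + 5 + KEY_ID_LEN[mode]      # security control (1) + frame counter (4) + key id
    if len(frame) < end:
        raise ValueError("truncated key identifier")
    key_id = frame[off + 5:end]
    return {"frame_type": fcf & 7, "security_level": control & 7, "key_id_mode": mode,
            "frame_counter": struct.unpack_from("<I", frame, off + 1)[0],
            "key_source": key_id[:-1].hex(), "key_index": key_id[-1] if key_id else None}

def mode2_frames(frames):
    """Return indices of secured frames whose Key Identifier Mode is 2."""
    hits = []
    for i, raw in enumerate(frames):
        try:
            hdr = parse_aux_security(raw)
        except ValueError:
            continue                      # unparseable input is skipped, not flagged
        if hdr and hdr["key_id_mode"] == 2:
            hits.append(i)
    return hits

# Constructed sample data frames: Key ID Mode 2, Key ID Mode 1, unsecured, truncated.
SAMPLES = [bytes.fromhex(h) for h in (
    "4998 01 3412 0200 0100 15 00000000 ffffffff ff aabb",
    "4998 02 3412 0200 0100 0d 05000000 01 aabb",
    "4198 03 3412 0200 0100 aabb", "4998 04 3412 0200 0100 15 0000")]
```

`mode2_frames(SAMPLES)` returns the indices of the frames to review; the decoded header also exposes the frame type, so a monitor can separate data frames from other frame types.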
You can find past Nest Security Bulletins in the archive.
This Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest’s connected home devices. The vulnerabilities listed in this bulletin have been addressed. Devices started receiving Over-the-Air (OTA) updates in June 2023.
Security Patches
Vulnerabilities are grouped under the device family group and component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, and severity.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.
Speakers
Firmware version 1.56.5
Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.
List of Devices included in the update
Nest Audio
Nest Mini
Google Home Mini
Google Home
Kernel
Cameras and Doorbells
Firmware version 1.67c.
Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.
List of Devices included in the update
Kernel
Nest Wifi
Firmware version 1.63.355999.
Firmware is the software installed on your Google Nest Wifi devices. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.
List of Devices included in the update
Kernel
Open Thread

| CVE | Type | Severity |
|---|---|---|
| CVE-2023-2626 | EoP | Moderate |
Common questions and answers
This section answers common questions that may occur after reading this bulletin.
1. How do I determine if my device is updated to address these issues?
Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.
Find your device’s firmware version
2. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
| Abbreviation | Definition |
|---|---|
| RCE | Remote code execution |
| EoP | Elevation of privilege |
| ID | Information disclosure |
| DoS | Denial of service |
| N/A | Classification not available |