Nest Security Bulletin-December 2024

Published December 16, 2024

 

Past Nest Security Bulletins can be found here.

This Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest's connected home devices. The vulnerabilities listed in this bulletin have been addressed. Devices started receiving (Over-the-Air) OTA updates in December 2024.

Security patches

Vulnerabilities are grouped under the device family group and component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, and severity.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.

Wifi

Software Release Version:24R2

  • Nest Wifi Point:
  • Nest Wifi Router:

Firmware is the software installed on your Google Nest Wifi devices. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

List of Devices Included in the Update

Nest Wifi Pro

Nest Wifi Point

Nest Wifi Router

Common Vulnerabilities and Exposures (CVE)

CVE

Type

Severity

Subcomponent

CVE-2018-25032

EoP

High

zlib

CVE-2023-45853

EoP

High

zlib

Speakers

Software Release Version: 3.74.1

Firmware is the software installed on your Google Nest Speakers devices. When a firmware update is available, your device will automatically download the update via an OTA update.

List of Devices Included in the Update

Nest Audio

Nest Mini

Common Vulnerabilities and Exposures (CVE)

CVE

Type

Severity

Subcomponent

CVE-2024-26923

EoP

High

Kernel

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

Find your device's firmware version

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

Get Help

Get answers from experts on the Google Nest Community or contact us.

Search
Clear search
Close search
Google apps
Main menu
15930842721292432909
true
Search Help Center
true
true
true
false
false