RSS   Vulnerabilities for 'Home firmware'   RSS

2018-06-24
 
CVE-2018-12716

CWE-200
 

 
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.

 

 >>> Vendor: Google 67 Products
Toolbar
TALK
Mini search appliance
Search appliance
Api search
Earth
Desktop
Web toolkit
Custom search engine
Picasa
KML
Android sdk
Google apps
Chrome
Gears
Android
V8
Google sketchup
Chrome os
App engine python sdk
Idapython
Cr-48 chromebook
Chr2000ome
Sketchup
Chrome2000
Chrom2000e
Bionic
Tunnelblick
Admob
Checkout-php
Cityhash
Android sdk tools
Chrome frame
Frame
Google authenticator
Authenticator
Glass
Android api
Search appliance software
Android debug bridge
Android sdk platform tools
Android browser
Nexus 7
Calendar events
Email
Play services sdk
Kubernetes
Android one
Sfntly
GRPC
Google i/o 2017
News and weather
Protobuf
Gmail
Boringssl
Santa
Chromecast firmware
Home firmware
Mod pagespeed
Rendertron
Cardboard
Kubernetes engine
Guava
Tensorflow
Snappy
Nexus 7 firmware
Nexus 9 firmware


Copyright 2019, cxsecurity.com

 

Back to Top