CVE-2018-12716 — MEDIUM (4.3)

Vulnerability Description

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Chromecast Firmware	-
Google	Chromecast	-
Google	Home Firmware	-
Google	Home	-

Related Weaknesses (CWE)

CWE-200

References

https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-hIssue TrackingThird Party Advisory
https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-hThird Party Advisory
https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/Third Party Advisory
https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-hIssue TrackingThird Party Advisory
https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-hThird Party Advisory
https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/Third Party Advisory

FAQ

What is CVE-2018-12716?

CVE-2018-12716 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine th...

How severe is CVE-2018-12716?

CVE-2018-12716 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-12716?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chromecast Firmware, Google Chromecast, Google Home Firmware, Google Home.