Login Sign Up

CVE-2023-48419

10.0 CRITICAL

📋 TL;DR

This vulnerability allows an attacker within Wi-Fi range of a Google Home device to spy on the victim and gain elevated privileges. It affects Google Home devices with vulnerable firmware, potentially exposing user data and device control.

💻 Affected Systems

Products:
  • Google Home
  • Google Home Mini
  • Google Nest Mini
  • Google Home Max
Versions: Firmware versions prior to 2.57.339200
Operating Systems: Google Cast OS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default Wi-Fi settings are vulnerable. Requires attacker to be within Wi-Fi range.

📦 What is this software?

Home Firmware by Google

View all CVEs affecting Home Firmware →

Home Mini Firmware by Google

View all CVEs affecting Home Mini Firmware →

Nest Audio Firmware by Google

View all CVEs affecting Nest Audio Firmware →

Nest Mini Firmware by Google

View all CVEs affecting Nest Mini Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full control of Google Home device, accesses microphone/camera feeds, intercepts communications, and potentially pivots to other network devices.

🟠

Likely Case

Attacker eavesdrops on conversations, accesses device settings, and collects personal information from the compromised device.

🟢

If Mitigated

Limited impact if device is patched, isolated on separate network, or attacker lacks physical proximity.

🌐 Internet-Facing: LOW (requires physical proximity to Wi-Fi network)
🏢 Internal Only: HIGH (exploitable from within Wi-Fi range without authentication)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires Wi-Fi proximity and specific timing/conditions. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware 2.57.339200 or later

Vendor Advisory: https://support.google.com/product-documentation/answer/14273332

Restart Required: Yes

Instructions:

1. Open Google Home app 2. Select device 3. Check for firmware updates 4. Apply update 5. Device will automatically restart

🔧 Temporary Workarounds

Network Segmentation

all

Place Google Home devices on separate VLAN/network from sensitive devices

Disable When Not in Use

all

Physically disconnect or power off device when not actively needed

🧯 If You Can't Patch

  • Move device to location with limited Wi-Fi range/coverage
  • Monitor network for unusual traffic from Google Home devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Google Home app: Device Settings > Device Information > Firmware version

Check Version:

Not applicable - use Google Home app interface

Verify Fix Applied:

Confirm firmware version is 2.57.339200 or higher in Google Home app

📡 Detection & Monitoring

Log Indicators:

  • Unusual device reboots
  • Firmware version changes
  • Unexpected configuration changes

Network Indicators:

  • Unusual network traffic from Google Home device
  • Unexpected outbound connections

SIEM Query:

device.vendor:"Google" AND device.product:"Home" AND event.action:"firmware_update" OR event.action:"configuration_change"

📊 Metadata

CVE ID: CVE-2023-48419
CVSS v3 Score: 10.0 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-269
Published: January 2, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-48419, you might also want to check these:

CVE-2025-20282 10.0

This critical vulnerability in Cisco ISE and ISE-PIC allows unauthenticated remote attackers to uplo...

Same vulnerability type (CWE-269)
CVE-2022-24783 10.0

This critical vulnerability in Deno runtime allows malicious code to bypass all permission checks an...

Same vulnerability type (CWE-269)
CVE-2023-48418 10.0

This vulnerability allows local privilege escalation on affected Android devices by enabling adb (An...

Same vulnerability type (CWE-269)