CVE-2023-6339 – CVE-2023-6339 is a critical vulnerability in Go... (How to Fix)

Q: What is the severity of CVE-2023-6339?

CVE-2023-6339 has a CVSS score of 10.0 (CRITICAL). CVE-2023-6339 is a critical vulnerability in Google Nest WiFi Pro routers that allows remote attackers to execute arbitrary code with root privileges and access user data. This affects all Nest WiFi Pro devices running vulnerable firmware versions. Attackers can potentially take full control of affected routers.

📋 TL;DR

CVE-2023-6339 is a critical vulnerability in Google Nest WiFi Pro routers that allows remote attackers to execute arbitrary code with root privileges and access user data. This affects all Nest WiFi Pro devices running vulnerable firmware versions. Attackers can potentially take full control of affected routers.

💻 Affected Systems

Products:

Google Nest WiFi Pro

Versions: Firmware versions prior to 1.68.347.0

Operating Systems: Router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All Nest WiFi Pro devices with default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Nest Wifi Pro Firmware by Google

View all CVEs affecting Nest Wifi Pro Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with root access, allowing attackers to intercept all network traffic, install persistent malware, access connected devices, and steal sensitive user data including passwords and browsing history.

🟠

Likely Case

Remote attackers gaining administrative control of the router, enabling them to redirect traffic, perform man-in-the-middle attacks, and access network resources.

🟢

If Mitigated

Limited impact if router is isolated from internet or behind additional security controls, though local network attacks may still be possible.

🌐 Internet-Facing: HIGH - Routers are directly internet-facing by design, making them accessible to remote attackers.

🏢 Internal Only: HIGH - Once compromised, attackers can pivot to internal network resources and connected devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation details have been publicly disclosed, making weaponization likely. The vulnerability requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 1.68.347.0 or later

Vendor Advisory: https://support.google.com/product-documentation/answer/14273332

Restart Required: Yes

Instructions:

1. Open Google Home app. 2. Select your Nest WiFi Pro. 3. Go to Settings > Wi-Fi > Advanced networking > Software update. 4. Check for updates and install if available. 5. Router will restart automatically.

🔧 Temporary Workarounds

Isolate from Internet

all

Disable WAN connection or place behind another firewall to prevent remote exploitation

Network Segmentation

all

Place Nest WiFi Pro in isolated network segment to limit lateral movement if compromised

🧯 If You Can't Patch

Replace vulnerable Nest WiFi Pro with patched or alternative router
Implement strict network monitoring and intrusion detection for suspicious router activity

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Google Home app: Settings > Wi-Fi > Advanced networking > Software update. If version is below 1.68.347.0, device is vulnerable.

Check Version:

No CLI command available. Must use Google Home app interface.

Verify Fix Applied:

Confirm firmware version is 1.68.347.0 or higher in Google Home app after update.

📡 Detection & Monitoring

Log Indicators:

Unusual router configuration changes
Unexpected firmware modification attempts
Suspicious network traffic patterns from router

Network Indicators:

Unexpected outbound connections from router
DNS hijacking or redirection
SSL/TLS certificate anomalies

SIEM Query:

source="router_logs" AND (event="firmware_change" OR event="config_modification") OR dest_ip="router_ip" AND (port=80 OR port=443) AND suspicious_pattern

📊 Metadata

CVE ID: CVE-2023-6339

CVSS v3 Score: 10.0 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-311

Published: January 2, 2024

Last Updated: November 21, 2024

🔗 References

https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA Not Applicable
https://vuldb.com/?id.249563 Third Party Advisory
https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA Not Applicable

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6339, you might also want to check these: