CVE-2024-32928

The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt