RSS   Vulnerabilities for 'Wemo home automation firmware'   RSS

2014-02-22
 
CVE-2013-6952

CWE-310
 

 
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.

 
 
CVE-2013-6951

CWE-310
 

 
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.

 
 
CVE-2013-6950

CWE-310
 

 
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows remote attackers to obtain sensitive information by sniffing the network.

 
 
CVE-2013-6949

CWE-264
 

 
The Belkin WeMo Home Automation firmware before 3949 does not properly restrict the use of STUN and TURN proxies, which allows man-in-the-middle attackers to bypass intended access restrictions via crafted packets.

 
 
CVE-2013-6948

CWE-94
 

 
The peerAddresses API in Belkin WeMo Home Automation firmware before 3949 allows remote attackers to conduct XML injection attacks and read arbitrary files via unspecified vectors.

 

 >>> Vendor: Belkin 31 Products
F5d5230-4 4-port cable dsl gateway router
F5d6130 wnap
Belkin 54g wireless router
54g wireless router
F5d7230-4
F5d7232-4
Bluetooth software
F5d7231-4
F5d9230-4
F5d7632-4
Wireless g router
N150 wireless router
N300 wireless router
N450 wireless router
N900 wireless router
F5d8236-4-v2
N900
N300
Wemo home automation firmware
F5d8236-4
N150 f9k1009
N150 f9k1009 firmware
F5d8236-4 v2
N900 firmware
N300 firmware
N750 wireless router
N750 wireless router firmware
N300 dual-band wi-fi range extender firmware
N600 db wi-fi dual-band n\+ router f9k1102 firmware
N750 firmware
Wemo insight smart plug firmware


Copyright 2019, cxsecurity.com

 

Back to Top