XML External Entity Vulnerability in Belkin WeMo Home Automation Firmware
CVE-2013-6948

Currently unrated

Key Information:

Vendor

Belkin

Vendor
CVE Published:
22 February 2014

What is CVE-2013-6948?

The peerAddresses API in the Belkin WeMo Home Automation firmware versions prior to 3949 is vulnerable to an XML External Entity (XXE) attack. This vulnerability enables remote attackers to exploit the API and gain unauthorized access to read sensitive files by crafting an XML document that includes an external entity declaration. The issue arises from improper validation of user-supplied input, exposing the system to potential data leakage and security risks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.