XML External Entity Vulnerability in Belkin WeMo Home Automation Firmware
CVE-2013-6948
Currently unrated
What is CVE-2013-6948?
The peerAddresses API in the Belkin WeMo Home Automation firmware versions prior to 3949 is vulnerable to an XML External Entity (XXE) attack. This vulnerability enables remote attackers to exploit the API and gain unauthorized access to read sensitive files by crafting an XML document that includes an external entity declaration. The issue arises from improper validation of user-supplied input, exposing the system to potential data leakage and security risks.