Remote Connection Hijacking in Belkin WeMo Home Automation Firmware
CVE-2013-6949

Currently unrated

Key Information:

Vendor: Belkin
Status: Wemo Home Automation Firmware
Vendor: CVE Published:; 22 February 2014

What is CVE-2013-6949?

The Belkin WeMo Home Automation firmware before version 3949 is susceptible to exploitation due to improper handling of STUN and TURN protocols. This vulnerability enables remote attackers to hijack network connections via a single compromised WeMo device, potentially leading to unauthorized access and control over connected home automation systems.

References

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lit...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/656302

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2014
Vulnerability Reserved
Dec 4, 2013