Firmware Vulnerabilities in Belkin WeMo Home Automation Products
CVE-2013-6950

Currently unrated

Key Information:

Vendor: Belkin
Status: Wemo Home Automation Firmware
Vendor: CVE Published:; 22 February 2014

What is CVE-2013-6950?

The Belkin WeMo Home Automation firmware prior to version 3949 is vulnerable due to the absence of SSL in its distribution feed. This lack of encryption permits man-in-the-middle attackers to potentially install unauthorized firmware by impersonating a legitimate distribution server, increasing the risk of unauthorized control over connected devices.

References

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lit...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/656302

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2014
Vulnerability Reserved
Dec 4, 2013