Man-in-the-middle Vulnerability in Belkin WeMo Home Automation Firmware
CVE-2013-6951

Currently unrated

Key Information:

Vendor: Belkin
Status: Wemo Home Automation Firmware
Vendor: CVE Published:; 22 February 2014

What is CVE-2013-6951?

The Belkin WeMo Home Automation firmware prior to version 3949 lacks adequate protection by not maintaining a set of trusted Certification Authority public keys. This oversight allows attackers to exploit the system by performing man-in-the-middle attacks, presenting forged SSL servers that can accept arbitrary X.509 certificates, thereby compromising the integrity and confidentiality of communications.

References

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lit...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/656302

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2014
Vulnerability Reserved
Dec 4, 2013