Man-in-the-middle Vulnerability in Belkin WeMo Home Automation Firmware
CVE-2013-6951

Currently unrated

Key Information:

Vendor

Belkin

Vendor
CVE Published:
22 February 2014

What is CVE-2013-6951?

The Belkin WeMo Home Automation firmware prior to version 3949 lacks adequate protection by not maintaining a set of trusted Certification Authority public keys. This oversight allows attackers to exploit the system by performing man-in-the-middle attacks, presenting forged SSL servers that can accept arbitrary X.509 certificates, thereby compromising the integrity and confidentiality of communications.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.