Remote Code Execution Vulnerability in Belkin WeMo Home Automation Firmware
CVE-2013-6952

Currently unrated

Key Information:

Vendor: Belkin
Status: Wemo Home Automation Firmware
Vendor: CVE Published:; 22 February 2014

What is CVE-2013-6952?

The Belkin WeMo Home Automation firmware prior to version 3949 contains a hardcoded GPG key, allowing remote attackers to execute arbitrary code. By crafting malicious signed data, attackers can exploit this vulnerability to spoof firmware updates, potentially compromising the devices' functionality and security. This vulnerability highlights the importance of securing firmware against unauthorized modifications and the implications of hardcoded credentials in software products.

References

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lit...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/656302

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2014
Vulnerability Reserved
Dec 4, 2013