Remote Code Execution Vulnerability in Belkin WeMo Home Automation Firmware
CVE-2013-6952

Currently unrated

Key Information:

Vendor

Belkin

Vendor
CVE Published:
22 February 2014

What is CVE-2013-6952?

The Belkin WeMo Home Automation firmware prior to version 3949 contains a hardcoded GPG key, allowing remote attackers to execute arbitrary code. By crafting malicious signed data, attackers can exploit this vulnerability to spoof firmware updates, potentially compromising the devices' functionality and security. This vulnerability highlights the importance of securing firmware against unauthorized modifications and the implications of hardcoded credentials in software products.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.