Denial of Service Vulnerability in Belkin Wemo Switch Devices
CVE-2019-17532

7.5HIGH

Key Information:

Vendor

Belkin

Status
Wemo Switch 28b Firmware
Vendor
CVE Published:
12 October 2019

What is CVE-2019-17532?

A security issue has been identified in Belkin Wemo Switch devices, specifically version 28B WW_2.00.11057.PVT-OWRT-SNS, that enables remote attackers to trigger a denial of service. This is facilitated by sending a specially crafted 'ruleDbBody' element within a StoreRules request to the URI /upnp/control/rules1, leading to database corruption and subsequent persistent rules-processing outages.

References

https://github.com/badnack/wemo_dos
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.