Firmware Update Vulnerability in Belkin Wemo Smart Plug
CVE-2023-33768

6.5MEDIUM

Key Information:

Vendor: Belkin
Status: Wemo Smart Plug Wsp080 Firmware
Vendor: CVE Published:; 13 July 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-33768?

A vulnerability in the firmware update process of the Belkin Wemo Smart Plug WSP080 v1.2 allows unauthorized attack vectors to perform incorrect signature verification. This flaw enables threat actors to leverage crafted firmware files, potentially leading to a Denial of Service (DoS) condition, disrupting the functionality of the device.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-33768
Created by Fr0stM0urne

CVE-2023-33768
Created by purseclab

References

https://play.google.com/store/apps/details?id=com.belkin....

https://www.amazon.com/Control-Devices-Remotely-Assistant...

https://github.com/purseclab/CVE-2023-33768

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jul 29, 2023
👾
Exploit known to exist
Jul 29, 2023
Vulnerability published
Jul 13, 2023
Vulnerability Reserved
May 22, 2023