Lucene search

[email protected]CVE-2013-6950

HistoryFeb 22, 2014 - 9:55 p.m.

CVE-2013-6950

2014-02-2221:55:09

CWE-310

[email protected]

web.nvd.nist.gov

belkin wemo

home automation

firmware

ssl

man-in-the-middle

attack

distribution feed

vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.9%

JSON

The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server.

Affected configurations

NVD

Node

belkinwemo_home_automation_firmwareMatch2769

CPENameOperatorVersion
belkin:wemo_home_automation_firmwarebelkin wemo home automation firmwareeq2769

CPE	Name	Operator	Version
belkin:wemo_home_automation_firmware	belkin wemo home automation firmware	eq	2769

References

www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf

www.kb.cert.org/vuls/id/656302

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for CVE-2013-6950

prion1 cvelist1 seebug1 nvd1 cert1