Lucene search

[email protected]CVE-2013-6951

HistoryFeb 22, 2014 - 9:55 p.m.

CVE-2013-6951

2014-02-2221:55:09

CWE-310

[email protected]

web.nvd.nist.gov

belkin wemo

home automation

firmware

vulnerability

cve-2013-6951

ssl

x.509

certificate spoofing

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.2%

JSON

The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.

Affected configurations

NVD

Node

belkinwemo_home_automation_firmwareMatch2769

CPENameOperatorVersion
belkin:wemo_home_automation_firmwarebelkin wemo home automation firmwareeq2769

CPE	Name	Operator	Version
belkin:wemo_home_automation_firmware	belkin wemo home automation firmware	eq	2769

References

www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf

www.kb.cert.org/vuls/id/656302

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.2%

JSON

Related for CVE-2013-6951

prion1 cvelist1 seebug1 nvd1 cert1