Lucene search

[email protected]NVD:CVE-2023-33768

HistoryJul 13, 2023 - 4:15 p.m.

CVE-2023-33768

2023-07-1316:15:09

CWE-347

[email protected]

web.nvd.nist.gov

cve-2023-33768

signature verification

firmware update

denial of service

belkin wemo smart plug

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.1%

JSON

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

Affected configurations

Nvd

Node

belkinwemo_smart_plug_wsp080Match-

AND

belkinwemo_smart_plug_wsp080_firmwareMatch1.2

VendorProductVersionCPE
belkinwemo_smart_plug_wsp080-cpe:2.3:h:belkin:wemo_smart_plug_wsp080:-:*:*:*:*:*:*:*
belkinwemo_smart_plug_wsp080_firmware1.2cpe:2.3:o:belkin:wemo_smart_plug_wsp080_firmware:1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
belkin	wemo_smart_plug_wsp080	-	cpe:2.3:h:belkin:wemo_smart_plug_wsp080:-:::::::*
belkin	wemo_smart_plug_wsp080_firmware	1.2	cpe:2.3:o:belkin:wemo_smart_plug_wsp080_firmware:1.2:::::::*

References

github.com/purseclab/CVE-2023-33768

play.google.com/store/apps/details?id=com.belkin.wemoandroid&hl=en_US&gl=US

www.amazon.com/Control-Devices-Remotely-Assistant-HomeKit/dp/B08CJGZZZ1

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.1%

JSON

Related for NVD:CVE-2023-33768

cvelist1 githubexploit2 prion1 cve1