4 matches found
CVE-2019-12780
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication...
Belkin Wemo UPnP API OS Command Injection (CVE-2019-12780)
A command injection vulnerability exists in Belkin Wemo. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2019-12780
CVE-2019-12780 affects Belkin Wemo UPnP API used by the Crock-Pot, where the SetSmartDevInfo action accepts a SmartDevURL that can be abused to inject commands. A simple POST to /upnp/control/basicevent1 without authentication can execute arbitrary commands on the device. Public references in the...
CVE-2019-12780
creationtimestamp| type| source ---|---|--- 2019-02-19 19:55:27+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/upnp/belkinwemoupnpexec.rb 2020-10-09 14:13:50+00:00| seen| MISP/b6fb39e0-8665-41f9-bc21-88d7f1945ec4 2024-10-24 00:00:00+00:00| exploited...