112 matches found
Memory corruption
An issue was discovered on Belkin Wemo Switch 28B WW2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service persistent rules-processing outage via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption...
CVE-2019-17532
An issue was discovered on Belkin Wemo Switch 28B WW2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service persistent rules-processing outage via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption...
CVE-2019-17532
Belkin Wemo Switch 28B (WW_2.00.11057.PVT-OWRT-SNS) is affected by CVE-2019-17532. A remote attacker can trigger a denial of service (persistent rules-processing outage) by sending a specially crafted ruleDbBody in a StoreRules request to the upnp/control/rules1 URI, causing database corruption. ...
VulnCheck KEV: CVE-2019-12780
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication...
Command injection
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication...
CVE-2019-12780
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication...
CVE-2019-12780
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication...
CVE-2019-12780
CVE-2019-12780 affects Belkin Wemo UPnP API used by the Crock-Pot, where the SetSmartDevInfo action accepts a SmartDevURL that can be abused to inject commands. A simple POST to /upnp/control/basicevent1 without authentication can execute arbitrary commands on the device. Public references in the...
Mr. Coffee with WeMo: Double Roast
ARCHIVED STORY Mr. Coffee with WeMo: Double Roast By Sam Quinn · May 30, 2019 McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...
Your Smart Coffee Maker is Brewing Up Trouble
ARCHIVED STORY Your Smart Coffee Maker is Brewing Up Trouble By Sam Quinn · Febraury 25, 2019 IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster...
Your Smart Coffee Maker is Brewing Up Trouble
ARCHIVED STORY Your Smart Coffee Maker is Brewing Up Trouble By Sam Quinn · Febraury 25, 2019 IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster...
Belkin Wemo UPnP - Remote Code Execution Exploit
V This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...
Belkin Wemo UPnP - Remote Code Execution (Metasploit)
V This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...
Belkin Wemo UPnP Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...
Belkin Wemo UPnP Remote Code Execution
This module exploits a command injection in the Belkin Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. This module has been tested on a Wemo-enabled Crock-Pot, but other Wemo devices are known to be affected, albeit on a different RPORT 49153. This module requires...
Belkin Wemo-Enabled Crock-Pot Remote Control
This module acts as a simple remote control for Belkin Wemo-enabled Crock-Pots by implementing a subset of the functionality provided by the Wemo App. No vulnerabilities are exploited by this Metasploit module in any way. This module requires Metasploit: https://metasploit.com/download Current...
Belkin Wemo Insight Smart Plug Buffer Overflow (CVE-2018-6692)
A buffer overflow vulnerability exists in Belkin Wemo Insight Smart Plug. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Security Vulnerability in Smart Electric Outlets
A security vulnerability in Belkin's Wemo Insight "smartplugs" allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network. From the Register: The bug underscores the primary risk posed by IoT devices and connected appliances. Because...