Lucene search
K

112 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Belkin Wemo - Arbitrary Firmware Upload

No description provided by source. Exploit Title: Belkin Wemo Arbitrary Firmware Vulnerability Date: 4/3/13 Exploit Author: Daniel Buentello Vendor Homepage: http://www.belkin.com/us/wemo Version: Any version prior to WeMoUS2.00.2176.PVT CVE : CVE-2013-2748 POST /upnp/control/firmwareupdate1...

9.2AI score0.1307EPSS
Exploits6
NVD
NVD
added 2014/02/22 9:55 p.m.15 views

CVE-2013-6950

The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server...

7.8CVSS6.6AI score0.01146EPSS
Exploits1References2
NVD
NVD
added 2014/02/22 9:55 p.m.11 views

CVE-2013-6952

The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data...

10CVSS7.6AI score0.03836EPSS
Exploits1References2
NVD
NVD
added 2014/02/22 9:55 p.m.25 views

CVE-2013-6949

The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device...

9.3CVSS7.3AI score0.01866EPSS
Exploits1References2
NVD
NVD
added 2014/02/22 9:55 p.m.20 views

CVE-2013-6948

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

7.8CVSS6.8AI score0.01632EPSS
Exploits1References2
NVD
NVD
added 2014/02/22 9:55 p.m.16 views

CVE-2013-6951

The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate...

7.1CVSS6.6AI score0.00622EPSS
Exploits1References2
Prion
Prion
added 2014/02/22 9:55 p.m.11 views

Design/Logic Flaw

The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server...

7.8CVSS7.1AI score0.01146EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/02/22 9:55 p.m.16 views

Code injection

The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device...

9.3CVSS7.8AI score0.01866EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/02/22 9:55 p.m.11 views

Hardcoded credentials

The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data...

10CVSS8.2AI score0.03836EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/02/22 9:55 p.m.11 views

Code injection

The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate...

7.1CVSS7.1AI score0.00622EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/02/22 9:55 p.m.15 views

Xxe

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

7.8CVSS7.3AI score0.01632EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/02/22 9:0 p.m.19 views

CVE-2013-6952

The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data...

7.6AI score0.03836EPSS
Exploits1References2
Cvelist
Cvelist
added 2014/02/22 9:0 p.m.24 views

CVE-2013-6950

The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server...

6.6AI score0.01146EPSS
Exploits1References2
Cvelist
Cvelist
added 2014/02/22 9:0 p.m.24 views

CVE-2013-6948

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.8AI score0.01632EPSS
Exploits1References2
Cvelist
Cvelist
added 2014/02/22 9:0 p.m.27 views

CVE-2013-6949

The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device...

7.3AI score0.01866EPSS
Exploits1References2
Cvelist
Cvelist
added 2014/02/22 9:0 p.m.23 views

CVE-2013-6951

The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate...

6.6AI score0.00622EPSS
Exploits1References2
CVE
CVE
added 2014/02/22 9:0 p.m.52 views

CVE-2013-6951

The CVE-2013-6951 entry concerns Belkin Wemo Home Automation firmware prior to version 3949, which does not maintain a local set of CA public keys. This flaw enables man-in-the-middle attackers to spoof SSL servers by presenting arbitrary X.509 certificates, compromising SSL/TLS integrity for aff...

7.1CVSS6.8AI score0.00622EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/02/22 9:0 p.m.50 views

CVE-2013-6952

The CVE-2013-6952 issue affects Belkin WeMo Home Automation firmware prior to 3949, which contains a hardcoded GPG key that could allow remote attackers to sign a malicious firmware update and execute arbitrary code via crafted signed data. Impact described across sources indicates potential remo...

10CVSS7.8AI score0.03836EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/02/22 9:0 p.m.52 views

CVE-2013-6950

CVE-2013-6950 affects Belkin Wemo Home Automation firmware prior to 3949, where the distribution feed did not use SSL, enabling MITM-style firmware spoofing. The issue is mitigated by Belkin’s updates (firmware 3949 and SSL-enabled distribution feed) released in 2014, plus app updates, which add ...

7.8CVSS6.8AI score0.01146EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/02/22 9:0 p.m.58 views

CVE-2013-6949

CVE-2013-6949 concerns Belkin Wemo Home Automation devices: the firmware before 3949 does not properly use STUN/TURN, enabling a remote attacker who controls one device to relay connections to other Wemo devices. The impact is described as hijacking connections with potential further impact; expl...

9.3CVSS7.5AI score0.01866EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder