112 matches found
Belkin Wemo - Arbitrary Firmware Upload
No description provided by source. Exploit Title: Belkin Wemo Arbitrary Firmware Vulnerability Date: 4/3/13 Exploit Author: Daniel Buentello Vendor Homepage: http://www.belkin.com/us/wemo Version: Any version prior to WeMoUS2.00.2176.PVT CVE : CVE-2013-2748 POST /upnp/control/firmwareupdate1...
CVE-2013-6950
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server...
CVE-2013-6952
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data...
CVE-2013-6949
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device...
CVE-2013-6948
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2013-6951
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate...
Design/Logic Flaw
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server...
Code injection
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device...
Hardcoded credentials
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data...
Code injection
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate...
Xxe
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2013-6952
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data...
CVE-2013-6950
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server...
CVE-2013-6948
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2013-6949
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device...
CVE-2013-6951
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate...
CVE-2013-6951
The CVE-2013-6951 entry concerns Belkin Wemo Home Automation firmware prior to version 3949, which does not maintain a local set of CA public keys. This flaw enables man-in-the-middle attackers to spoof SSL servers by presenting arbitrary X.509 certificates, compromising SSL/TLS integrity for aff...
CVE-2013-6952
The CVE-2013-6952 issue affects Belkin WeMo Home Automation firmware prior to 3949, which contains a hardcoded GPG key that could allow remote attackers to sign a malicious firmware update and execute arbitrary code via crafted signed data. Impact described across sources indicates potential remo...
CVE-2013-6950
CVE-2013-6950 affects Belkin Wemo Home Automation firmware prior to 3949, where the distribution feed did not use SSL, enabling MITM-style firmware spoofing. The issue is mitigated by Belkin’s updates (firmware 3949 and SSL-enabled distribution feed) released in 2014, plus app updates, which add ...
CVE-2013-6949
CVE-2013-6949 concerns Belkin Wemo Home Automation devices: the firmware before 3949 does not properly use STUN/TURN, enabling a remote attacker who controls one device to relay connections to other Wemo devices. The impact is described as hijacking connections with potential further impact; expl...