CVE-2013-6950 - Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769

047910
CVSS 0.0 - NONE

  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

Summary

The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server.

Vulnerable Configurations

Part         Description  Count
Application  Belkin       1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Seebug

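  • bulletinFamily: exploit
  • description: BUGTRAQ ID: 65631 CVE(CAN) ID: CVE-2013-6950 Belkin Wemo Home Automation devices are a product line for remote control of home appliances. The Belkin Wemo Home Automation firmware distribution process does not use SSL encryption and transmits sensitive information in cleartext; the implementation has an information disclosure vulnerability that attackers can exploit to obtain sensitive information. 0 Belkin Wemo Home Automation The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's homepage for the latest version: http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation
  • id: SSV:61487
  • last seen: 2017-11-19
  • modified: 2014-02-20
  • published: 2014-02-20
  • reporter: Root
  • title: Belkin Wemo Home Automation Man-in-the-Middle Information Disclosure Vulnerability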