CVE-2013-6950 - Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769

047910
CVSS 7.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: NONE
Availability impact: NONE
network
low complexity
belkin
CWE-310

Summary

The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server.

Vulnerable Configurations

Part         Description  Count
Application  Belkin       1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Seebug

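bulletinFamily: exploit
description: BUGTRAQ ID: 65631 CVE(CAN) ID: CVE-2013-6950 Belkin Wemo Home Automation devices are a line of remote-control products for home appliances. The firmware distribution process for Belkin Wemo Home Automation does not use SSL encryption and transmits sensitive information in cleartext, which is an information disclosure vulnerability in the implementation; an attacker can exploit this vulnerability to obtain sensitive information. 0 Belkin Wemo Home Automation The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation
id: SSV:61487
last seen: 2017-11-19
modified: 2014-02-20
published: 2014-02-20
reporter: Root
title: Belkin Wemo Home Automation man-in-the-middle information disclosure vulnerability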