CVE-2013-6951 - Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769

CVSS 7.1 - HIGH
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: COMPLETE
Availability impact: NONE

Summary

The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.

Vulnerable Configurations

Part: Application
Description: Belkin
Count: 1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Seebug

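bulletinFamily: exploit
description: BUGTRAQ ID: 65633 CVE(CAN) ID: CVE-2013-6951 Belkin Wemo Home Automation devices are a line of remote-control products for home appliances. Belkin Wemo Home Automation devices have no local certificate store to verify the integrity of SSL connections; an attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application. 0 Belkin Wemo Home Automation The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page to obtain the latest version: http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation
id: SSV:61484
last seen: 2017-11-19
modified: 2014-02-20
published: 2014-02-20
reporter: Root
title: Belkin Wemo Home Automation Devices Remote Code Execution Vulnerability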