Vulnerabilities > CVE-2013-6952 - Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 65624 CVE(CAN) ID: CVE-2013-6952 Belkin Wemo Home Automation devices 是家电远程控制系列产品。 Belkin Wemo Home Automation固件包含硬编码的密钥和口令,可被远程攻击者利用为恶意固件进行签名。 0 Belkin Wemo Home Automation 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation |
| id | SSV:61488 |
| last seen | 2017-11-19 |
| modified | 2014-02-20 |
| published | 2014-02-20 |
| reporter | Root |
| title | Belkin Wemo Home Automation硬编码密钥漏洞 |