CVE-2013-6949

Published Feb 22, 2014

Last updated 11 years ago

Overview

Description: The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:belkin:wemo_home_automation_firmware:2769:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28ACACEF-ADE2-4A54-8F6D-281167EA4A0C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References