CVE-2013-6949 — HIGH (9.3) — White Hats Nepal

Vulnerability Description

The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Belkin	Wemo Home Automation Firmware	2769

Related Weaknesses (CWE)

CWE-264

References

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf
http://www.kb.cert.org/vuls/id/656302US Government Resource
http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf
http://www.kb.cert.org/vuls/id/656302US Government Resource

FAQ

What is CVE-2013-6949?

CVE-2013-6949 is a vulnerability with a CVSS score of 9.3 (HIGH). The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact b...

How severe is CVE-2013-6949?

CVE-2013-6949 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-6949?

Check the references section above for vendor advisories and patch information. Affected products include: Belkin Wemo Home Automation Firmware.