VAR-201402-0133
Vulnerability from variot - Updated: 2025-04-11 22:48
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device. Belkin Wemo Home Automation devices contain multiple vulnerabilities. Supplementary information: the vulnerability type has been identified as CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') (unintended proxy or relay). http://cwe.mitre.org/data/definitions/441.html A man-in-the-middle attack may allow access restrictions to be bypassed through crafted packets. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0133",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wemo home automation",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "2769"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "wemo home automation",
"scope": "lt",
"trust": 0.8,
"vendor": "belkin",
"version": "3949"
},
{
"model": "international,inc home automation devices",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-310"
},
{
"db": "NVD",
"id": "CVE-2013-6949"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:belkin:wemo_home_automation_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mike Davis of IOActive",
"sources": [
{
"db": "BID",
"id": "65632"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6949",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-6949",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01084",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-66951",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6949",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-6949",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-01084",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-310",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-66951",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"db": "VULHUB",
"id": "VHN-66951"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-310"
},
{
"db": "NVD",
"id": "CVE-2013-6949"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device. Belkin Wemo Home Automation devices contain multiple vulnerabilities. Supplementary information: the vulnerability type has been identified as CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027) (unintended proxy or relay). http://cwe.mitre.org/data/definitions/441.html A man-in-the-middle attack may allow access restrictions to be bypassed through crafted packets. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6949"
},
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"db": "BID",
"id": "65632"
},
{
"db": "VULHUB",
"id": "VHN-66951"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#656302",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2013-6949",
"trust": 3.4
},
{
"db": "BID",
"id": "65632",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU97009803",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006069",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201402-310",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01084",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-66951",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"db": "VULHUB",
"id": "VHN-66951"
},
{
"db": "BID",
"id": "65632"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-310"
},
{
"db": "NVD",
"id": "CVE-2013-6949"
}
]
},
"id": "VAR-201402-0133",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"db": "VULHUB",
"id": "VHN-66951"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01084"
}
]
},
"last_update_date": "2025-04-11T22:48:23.185000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WeMo Home Automation",
"trust": 0.8,
"url": "http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66951"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"db": "NVD",
"id": "CVE-2013-6949"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.ioactive.com/pdfs/ioactive_belkin-advisory-lite.pdf"
},
{
"trust": 2.6,
"url": "http://www.kb.cert.org/vuls/id/656302"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/611.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/321.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/494.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/441.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/products/home-automation/c/wemo-home-automation"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6949"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97009803/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6949"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/656302\\"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/us/products/home-automation/c/wemo-home-automation/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"db": "VULHUB",
"id": "VHN-66951"
},
{
"db": "BID",
"id": "65632"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-310"
},
{
"db": "NVD",
"id": "CVE-2013-6949"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"db": "VULHUB",
"id": "VHN-66951"
},
{
"db": "BID",
"id": "65632"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-310"
},
{
"db": "NVD",
"id": "CVE-2013-6949"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "CERT/CC",
"id": "VU#656302"
},
{
"date": "2014-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"date": "2014-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-66951"
},
{
"date": "2014-02-18T00:00:00",
"db": "BID",
"id": "65632"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"date": "2014-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-310"
},
{
"date": "2014-02-22T21:55:09.233000",
"db": "NVD",
"id": "CVE-2013-6949"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-29T00:00:00",
"db": "CERT/CC",
"id": "VU#656302"
},
{
"date": "2014-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01084"
},
{
"date": "2014-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-66951"
},
{
"date": "2014-02-18T00:00:00",
"db": "BID",
"id": "65632"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006069"
},
{
"date": "2014-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-310"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-6949"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-310"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Wemo Home Automation devices contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#656302"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-310"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.