VAR-201402-0135
Vulnerability from variot - Updated: 2025-04-11 22:48
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate. Belkin Wemo Home Automation devices contain multiple vulnerabilities. Supplementary information: the vulnerability type has been identified as CWE-494: Download of Code Without Integrity Check (download of unconfirmed code). http://cwe.mitre.org/data/definitions/494.html A man-in-the-middle attacker may be able to impersonate an SSL server by using an arbitrary X.509 certificate. Belkin Wemo Home Automation devices fail to store local certificates for verifying the integrity of the SSL link, which allows remote attackers to exploit the vulnerability because downloaded code is not checked for integrity. A remote attacker can leverage this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0135",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wemo home automation",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "2769"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "wemo home automation",
"scope": "lt",
"trust": 0.8,
"vendor": "belkin",
"version": "3949"
},
{
"model": "international,inc home automation devices",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-312"
},
{
"db": "NVD",
"id": "CVE-2013-6951"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:belkin:wemo_home_automation_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mike Davis of IOActive",
"sources": [
{
"db": "BID",
"id": "65633"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6951",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-6951",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01116",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-66953",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6951",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-6951",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-01116",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-312",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-66953",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"db": "VULHUB",
"id": "VHN-66953"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-312"
},
{
"db": "NVD",
"id": "CVE-2013-6951"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate. Belkin Wemo Home Automation devices contain multiple vulnerabilities. Supplementary information: the vulnerability type has been identified as CWE-494: Download of Code Without Integrity Check (download of unconfirmed code). http://cwe.mitre.org/data/definitions/494.html A man-in-the-middle attacker may be able to impersonate an SSL server by using an arbitrary X.509 certificate. Belkin Wemo Home Automation devices fail to store local certificates for verifying the integrity of the SSL link, which allows remote attackers to exploit the vulnerability because downloaded code is not checked for integrity. \nA remote attacker can leverage this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6951"
},
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"db": "BID",
"id": "65633"
},
{
"db": "VULHUB",
"id": "VHN-66953"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#656302",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2013-6951",
"trust": 3.4
},
{
"db": "BID",
"id": "65633",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU97009803",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006071",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201402-312",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01116",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-66953",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"db": "VULHUB",
"id": "VHN-66953"
},
{
"db": "BID",
"id": "65633"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-312"
},
{
"db": "NVD",
"id": "CVE-2013-6951"
}
]
},
"id": "VAR-201402-0135",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"db": "VULHUB",
"id": "VHN-66953"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01116"
}
]
},
"last_update_date": "2025-04-11T22:48:23.298000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WeMo Home Automation",
"trust": 0.8,
"url": "http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66953"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"db": "NVD",
"id": "CVE-2013-6951"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.ioactive.com/pdfs/ioactive_belkin-advisory-lite.pdf"
},
{
"trust": 2.3,
"url": "http://www.kb.cert.org/vuls/id/656302"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/611.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/321.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/494.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/441.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/products/home-automation/c/wemo-home-automation"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6951"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97009803/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6951"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/656302\\"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"db": "VULHUB",
"id": "VHN-66953"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-312"
},
{
"db": "NVD",
"id": "CVE-2013-6951"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#656302"
},
{
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"db": "VULHUB",
"id": "VHN-66953"
},
{
"db": "BID",
"id": "65633"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-312"
},
{
"db": "NVD",
"id": "CVE-2013-6951"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-18T00:00:00",
"db": "CERT/CC",
"id": "VU#656302"
},
{
"date": "2014-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"date": "2014-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-66953"
},
{
"date": "2014-02-18T00:00:00",
"db": "BID",
"id": "65633"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"date": "2014-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-312"
},
{
"date": "2014-02-22T21:55:09.280000",
"db": "NVD",
"id": "CVE-2013-6951"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-29T00:00:00",
"db": "CERT/CC",
"id": "VU#656302"
},
{
"date": "2014-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01116"
},
{
"date": "2014-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-66953"
},
{
"date": "2014-03-04T02:11:00",
"db": "BID",
"id": "65633"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006071"
},
{
"date": "2014-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-312"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-6951"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-312"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Wemo Home Automation devices contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#656302"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-312"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.