# Title: Belkin WeMo Information Exposure
# Date: 5/9/13
# Author: Mickey Shkatov
# Vendor Homepage: http://www.belkin.com/us/wemo
# Version: Any version prior to US: WeMo_US_2.00.2176.PVT, World Wide: WeMo_WW_2.00.2176.PVT
# CVE: CVE-2013-3518
Overview:
Belkin WeMo devices with firmware prior to WeMo_US_2.00.2176.PVT allow physically proximate attackers to access the file system and extract the private key, public key, trust chain and passphrase used to encrypt Belkin firmware.
Impact:
Affected products:
- Belkin WeMo
- Other: Since the same encryption keys are used for other Belkin products, all those products are susceptible to malicious modification.
Timeline:
Jan 10 2013 - Contacted Belkin support.
Jan 11 2013 - Belkin support replies with request for details.
Jan 11 2013 - Description of vulnerability sent.
Mar 28 2013 - A fix to the Firmware has been published by Belkin.
Apr 7 2013 - Fix confirmed.