Belkin Wemo Switch Arbitrary Firmware Upload Vulnerability
BID:58929
CVE-2013-2748 |Info
Belkin Wemo Switch Arbitrary Firmware Upload Vulnerability
| Bugtraq ID: | 58929 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-2748 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 08 2013 12:00AM |
| Updated: | Apr 08 2013 12:00AM |
| Credit: | Daniel Buentello |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Belkin Wemo Switch Arbitrary Firmware Upload Vulnerability
Belkin Wemo Switch is prone to a vulnerability that lets attackers upload arbitrary firmware. The issue occurs because the application fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to upload arbitrary firmware to the affected device; this can result in an arbitrary code execution within the context of the vulnerable application.
Belkin Wemo Switch is prone to a vulnerability that lets attackers upload arbitrary firmware. The issue occurs because the application fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to upload arbitrary firmware to the affected device; this can result in an arbitrary code execution within the context of the vulnerable application.
Exploit / POC
Belkin Wemo Switch Arbitrary Firmware Upload Vulnerability
The following example input data is available:
The following example input data is available:
Solution / Fix
Belkin Wemo Switch Arbitrary Firmware Upload Vulnerability
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
References
Belkin Wemo Switch Arbitrary Firmware Upload Vulnerability
References:
References: