ID

VAR-201402-0133


CVE

CVE-2013-6949


TITLE

Belkin Wemo Home Automation devices contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#656302

DESCRIPTION

The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device. Belkin Wemo Home Automation devices contain multiple vulnerabilities. Supplementary information: this issue has been identified as CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') (http://cwe.mitre.org/data/definitions/441.html). A man-in-the-middle attack may allow access restrictions to be bypassed through crafted packets. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.

Trust: 3.24

sources: NVD: CVE-2013-6949 // CERT/CC: VU#656302 // JVNDB: JVNDB-2013-006069 // CNVD: CNVD-2014-01084 // BID: 65632 // VULHUB: VHN-66951

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01084

AFFECTED PRODUCTS

vendor: belkin model: wemo home automation scope: eq version: 2769

Trust: 1.6

vendor: belkin model: - scope: - version: -

Trust: 0.8

vendor: belkin model: wemo home automation scope: lt version: 3949

Trust: 0.8

vendor: belkin model: international,inc home automation devices scope: - version: -

Trust: 0.6

sources: CERT/CC: VU#656302 // CNVD: CNVD-2014-01084 // JVNDB: JVNDB-2013-006069 // CNNVD: CNNVD-201402-310 // NVD: CVE-2013-6949

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6949
value: HIGH

Trust: 1.0

NVD: CVE-2013-6949
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01084
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-310
value: CRITICAL

Trust: 0.6

VULHUB: VHN-66951
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6949
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01084
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66951
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-01084 // VULHUB: VHN-66951 // JVNDB: JVNDB-2013-006069 // CNNVD: CNNVD-201402-310 // NVD: CVE-2013-6949

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

problemtype: CWE-Other

Trust: 0.8

sources: VULHUB: VHN-66951 // JVNDB: JVNDB-2013-006069 // NVD: CVE-2013-6949

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-310

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201402-310

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006069

PATCH

title: WeMo Home Automation url: http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation/

Trust: 0.8

sources: JVNDB: JVNDB-2013-006069

EXTERNAL IDS

db: CERT/CC id: VU#656302

Trust: 4.2

db: NVD id: CVE-2013-6949

Trust: 3.4

db: BID id: 65632

Trust: 1.0

db: JVN id: JVNVU97009803

Trust: 0.8

db: JVNDB id: JVNDB-2013-006069

Trust: 0.8

db: CNNVD id: CNNVD-201402-310

Trust: 0.7

db: CNVD id: CNVD-2014-01084

Trust: 0.6

db: VULHUB id: VHN-66951

Trust: 0.1

sources: CERT/CC: VU#656302 // CNVD: CNVD-2014-01084 // VULHUB: VHN-66951 // BID: 65632 // JVNDB: JVNDB-2013-006069 // CNNVD: CNNVD-201402-310 // NVD: CVE-2013-6949

REFERENCES

url:http://www.ioactive.com/pdfs/ioactive_belkin-advisory-lite.pdf

Trust: 3.6

url:http://www.kb.cert.org/vuls/id/656302

Trust: 2.6

url:http://cwe.mitre.org/data/definitions/611.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/321.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/494.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/441.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/319.html

Trust: 0.8

url:http://www.belkin.com/us/products/home-automation/c/wemo-home-automation

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6949

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97009803/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6949

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/656302

Trust: 0.8

url:http://www.belkin.com/us/products/home-automation/c/wemo-home-automation/

Trust: 0.3

sources: CERT/CC: VU#656302 // CNVD: CNVD-2014-01084 // VULHUB: VHN-66951 // BID: 65632 // JVNDB: JVNDB-2013-006069 // CNNVD: CNNVD-201402-310 // NVD: CVE-2013-6949

CREDITS

Mike Davis of IOActive

Trust: 0.3

sources: BID: 65632

SOURCES

db: CERT/CC id: VU#656302
db: CNVD id: CNVD-2014-01084
db: VULHUB id: VHN-66951
db: BID id: 65632
db: JVNDB id: JVNDB-2013-006069
db: CNNVD id: CNNVD-201402-310
db: NVD id: CVE-2013-6949

LAST UPDATE DATE

2025-04-11T22:48:23.185000+00:00


SOURCES UPDATE DATE

db: CERT/CC id: VU#656302 date: 2014-07-29T00:00:00
db: CNVD id: CNVD-2014-01084 date: 2014-02-20T00:00:00
db: VULHUB id: VHN-66951 date: 2014-03-06T00:00:00
db: BID id: 65632 date: 2014-02-18T00:00:00
db: JVNDB id: JVNDB-2013-006069 date: 2014-02-25T00:00:00
db: CNNVD id: CNNVD-201402-310 date: 2014-02-25T00:00:00
db: NVD id: CVE-2013-6949 date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CERT/CC id: VU#656302 date: 2014-02-18T00:00:00
db: CNVD id: CNVD-2014-01084 date: 2014-02-20T00:00:00
db: VULHUB id: VHN-66951 date: 2014-02-22T00:00:00
db: BID id: 65632 date: 2014-02-18T00:00:00
db: JVNDB id: JVNDB-2013-006069 date: 2014-02-25T00:00:00
db: CNNVD id: CNNVD-201402-310 date: 2014-02-25T00:00:00
db: NVD id: CVE-2013-6949 date: 2014-02-22T21:55:09.233