ID

VAR-201402-0136


CVE

CVE-2013-6952


TITLE

Belkin Wemo Home Automation devices contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#656302

DESCRIPTION

The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data. Belkin Wemo Home Automation devices contain multiple vulnerabilities. Supplementary information: the vulnerability type has been identified as CWE-321: Use of Hard-coded Cryptographic Key. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Trust: 3.24

sources: NVD: CVE-2013-6952 // CERT/CC: VU#656302 // JVNDB: JVNDB-2013-006072 // CNVD: CNVD-2014-01086 // BID: 65624 // VULHUB: VHN-66954

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01086

AFFECTED PRODUCTS

vendor: belkin | model: wemo home automation | scope: eq | version: 2769

Trust: 1.6

vendor: belkin | model: - | scope: - | version: -

Trust: 0.8

vendor: belkin | model: wemo home automation | scope: lt | version: 3949

Trust: 0.8

vendor: belkin | model: international,inc home automation devices | scope: - | version: -

Trust: 0.6

sources: CERT/CC: VU#656302 // CNVD: CNVD-2014-01086 // JVNDB: JVNDB-2013-006072 // CNNVD: CNNVD-201402-313 // NVD: CVE-2013-6952

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6952
value: HIGH

Trust: 1.0

NVD: CVE-2013-6952
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01086
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-313
value: CRITICAL

Trust: 0.6

VULHUB: VHN-66954
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6952
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01086
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66954
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-01086 // VULHUB: VHN-66954 // JVNDB: JVNDB-2013-006072 // CNNVD: CNNVD-201402-313 // NVD: CVE-2013-6952

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-66954 // JVNDB: JVNDB-2013-006072 // NVD: CVE-2013-6952

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-313

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201402-313

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006072

PATCH

title: WeMo Home Automation | url: http://www.belkin.com/us/Products/home-automation/c/wemo-home-automation/

Trust: 0.8

sources: JVNDB: JVNDB-2013-006072

EXTERNAL IDS

db: CERT/CC | id: VU#656302

Trust: 3.9

db: NVD | id: CVE-2013-6952

Trust: 3.4

db: BID | id: 65624

Trust: 1.0

db: JVN | id: JVNVU97009803

Trust: 0.8

db: JVNDB | id: JVNDB-2013-006072

Trust: 0.8

db: CNNVD | id: CNNVD-201402-313

Trust: 0.7

db: CNVD | id: CNVD-2014-01086

Trust: 0.6

db: VULHUB | id: VHN-66954

Trust: 0.1

sources: CERT/CC: VU#656302 // CNVD: CNVD-2014-01086 // VULHUB: VHN-66954 // BID: 65624 // JVNDB: JVNDB-2013-006072 // CNNVD: CNNVD-201402-313 // NVD: CVE-2013-6952

REFERENCES

url:http://www.ioactive.com/pdfs/ioactive_belkin-advisory-lite.pdf

Trust: 3.3

url:http://www.kb.cert.org/vuls/id/656302

Trust: 2.3

url:http://cwe.mitre.org/data/definitions/611.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/321.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/494.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/441.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/319.html

Trust: 0.8

url:http://www.belkin.com/us/products/home-automation/c/wemo-home-automation

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6952

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97009803/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6952

Trust: 0.8

url:http://www.kb.cert.org/vuls/id/656302\

Trust: 0.8

sources: CERT/CC: VU#656302 // CNVD: CNVD-2014-01086 // VULHUB: VHN-66954 // JVNDB: JVNDB-2013-006072 // CNNVD: CNNVD-201402-313 // NVD: CVE-2013-6952

CREDITS

Mike Davis of IOActive

Trust: 0.3

sources: BID: 65624

SOURCES

db: CERT/CC | id: VU#656302
db: CNVD | id: CNVD-2014-01086
db: VULHUB | id: VHN-66954
db: BID | id: 65624
db: JVNDB | id: JVNDB-2013-006072
db: CNNVD | id: CNNVD-201402-313
db: NVD | id: CVE-2013-6952

LAST UPDATE DATE

2025-04-11T22:48:23.260000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#656302 | date: 2014-07-29T00:00:00
db: CNVD | id: CNVD-2014-01086 | date: 2014-02-20T00:00:00
db: VULHUB | id: VHN-66954 | date: 2014-03-06T00:00:00
db: BID | id: 65624 | date: 2014-02-18T00:00:00
db: JVNDB | id: JVNDB-2013-006072 | date: 2014-02-25T00:00:00
db: CNNVD | id: CNNVD-201402-313 | date: 2014-02-28T00:00:00
db: NVD | id: CVE-2013-6952 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CERT/CC | id: VU#656302 | date: 2014-02-18T00:00:00
db: CNVD | id: CNVD-2014-01086 | date: 2014-02-20T00:00:00
db: VULHUB | id: VHN-66954 | date: 2014-02-22T00:00:00
db: BID | id: 65624 | date: 2014-02-18T00:00:00
db: JVNDB | id: JVNDB-2013-006072 | date: 2014-02-25T00:00:00
db: CNNVD | id: CNNVD-201402-313 | date: 2014-02-26T00:00:00
db: NVD | id: CVE-2013-6952 | date: 2014-02-22T21:55:09.313