CVE-2013-6948

Published: Feb 22, 2014Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (1)

Products: Belkin: Wemo Home Automation Firmware

1 product

Wemo Home Automation Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Belkin Wemo Home Automation Firmware	Version 2769

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/656302

Source: cret@cert.org

US Government Resource

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/656302

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.