# Title: Belkin WeMo Information Exposure
# Date: 5/9/13
# Author: Mickey Shkatov
# Vendor Homepage: http://www.belkin.com/us/wemo
# Version: Any version prior to
US : WeMo_US_2.00.2176.PVT
World Wide :WeMo_WW_2.00.2176.PVT
# CVE: CVE 2013-3518
Belkin WeMo devices with firmware prior to WeMo_US_2.00.2176.PVT allow physically proximate attackers to access the file system and extract the private key, public key, trust chain and passphrase used to encrypt Belkin firmware.
- Belkin WeMo
- Other: Since the same encryption keys are used for other Belkin products, all those products are susceptible to malicious modification.
Jan 10 2013 - Contacted Belkin support.
Jan 11 2013 - Belkin support replies with request for details.
Jan 11 2013 - Description of vulnerability sent.
Mar 28 2013 - A fix to the Firmware has been published by Belkin.
Apr 7 2013 - Fix confirmed.