Thursday, May 9, 2013

CVE 2013-3518 - Belkin WeMo Information Exposure

# Title: Belkin WeMo Information Exposure
# Date: 5/9/13
# Author: Mickey Shkatov
# Vendor Homepage:
# Version: Any version prior to
US : WeMo_US_2.00.2176.PVT
World Wide :WeMo_WW_2.00.2176.PVT
 # CVE: CVE 2013-3518

Belkin WeMo devices with firmware prior to WeMo_US_2.00.2176.PVT allow physically proximate attackers to access the file system and extract the private key, public key, trust chain and passphrase used to encrypt Belkin firmware.

Affected products:
 - Belkin WeMo
 - Other: Since the same encryption keys are used for other Belkin products, all those products are susceptible to malicious modification.

Jan 10 2013 - Contacted Belkin support.
Jan 11 2013 - Belkin support replies with request for details.
Jan 11 2013 - Description of vulnerability sent.
Mar 28 2013 - A fix to the Firmware has been published by Belkin.
Apr  7 2013 - Fix confirmed.


  1. This precision machining design is totally printed and doesn't use any electronics or batteries. As may have} seen, tons of|there are numerous} parts that contribute to forming price of|the worth of} a 3D printed part. If may have} been looking out for cute, quaint little cottage core 3D printing ideas then this tiny lantern shall be right up your alley. It makes the proper residence decor merchandise and it is sufficiently small you could put it actually anyplace. Perfect for a style of cottage core without having to rearrange your complete house. Fidget spinners are helpful in sustaining focus for these of us who're somewhat stressed.