exploitDog

CVE-2013-6948

Опубликовано: 22 фев. 2014

Источник: nvd

CVSS2: 7.8

EPSS Низкий

Описание

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Ссылки

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf
http://www.kb.cert.org/vuls/id/656302
US Government Resource
http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf
http://www.kb.cert.org/vuls/id/656302
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:belkin:wemo_home_automation_firmware:2769:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00522

Низкий

7.8 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-rm3m-4pv5-384j

github

больше 3 лет назад

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

EPSS

Процентиль: 66%

0.00522

Низкий

7.8 High

CVSS2

Дефекты

CWE-94