Описание
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:belkin:crock-pot_smart_slow_cooker_with_wemo_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:belkin:crock-pot_smart_slow_cooker_with_wemo:-:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.85243
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
EPSS
Процентиль: 99%
0.85243
Высокий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78