CVE-2023-33768

Опубликовано: 13 июл. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

Ссылки

https://github.com/purseclab/CVE-2023-33768
Exploit
Third Party Advisory
https://play.google.com/store/apps/details?id=com.belkin.wemoandroid&hl=en_US&gl=US
Product
https://www.amazon.com/Control-Devices-Remotely-Assistant-HomeKit/dp/B08CJGZZZ1
Product
https://github.com/purseclab/CVE-2023-33768
Exploit
Third Party Advisory
https://play.google.com/store/apps/details?id=com.belkin.wemoandroid&hl=en_US&gl=US
Product
https://www.amazon.com/Control-Devices-Remotely-Assistant-HomeKit/dp/B08CJGZZZ1
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:belkin:wemo_smart_plug_wsp080_firmware:1.2:*:*:*:*:*:*:*

cpe:2.3:h:belkin:wemo_smart_plug_wsp080:-:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.0156

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-347

Связанные уязвимости

GHSA-8c5w-9g3p-g72c