Wemo: Difference between revisions
mNo edit summary |
Added info to the vulnerabilities section |
||
| Line 27: | Line 27: | ||
==Incidents== | ==Incidents== | ||
===Security vulnerabilites=== | ===Security vulnerabilites=== | ||
On November 5, 2013, Wemo updated its API to prevent future XML injection attacks.<ref>https://www.belkin.com/support-article/?articleNum=80322</ref> | |||
On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the devices could be exploited through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network."<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref>https://apps.apple.com/us/app/wemo/id511376996</ref> | |||
==Products== | ==Products== | ||