Wemo: Difference between revisions - Consumer_Action

Line 29:

On November 5, 2013, Wemo updated its API to prevent future XML injection attacks.<ref>https://www.belkin.com/support-article/?articleNum=80322</ref>

On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the ~~devices~~ could be exploited through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network."<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref>https://apps.apple.com/us/app/wemo/id511376996</ref>

On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the device could be exploited through a program called pyWemo<ref>https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html</ref> and potentially through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network."<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref>https://apps.apple.com/us/app/wemo/id511376996</ref>

==Products==

@@ Line 29: / Line 29: @@
 On November 5, 2013, Wemo updated its API to prevent future XML injection attacks.<ref>https://www.belkin.com/support-article/?articleNum=80322</ref>
-On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the devices could be exploited through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network."<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref>https://apps.apple.com/us/app/wemo/id511376996</ref>
+On May 16, 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/</ref> The study mentions the device could be exploited through a program called pyWemo<ref>https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html</ref> and potentially through cloud controls.<ref>https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user’s local network."<ref>https://x.com/WEMOcares/status/1658963426230562819</ref> During this report, the Wemo app hadn't been updated in 2 years, with the most recent update being on February 23, 2021.<ref>https://apps.apple.com/us/app/wemo/id511376996</ref>
 ==Products==