Wemo: Difference between revisions
Remove dead citation and associated statement; Fix typos |
→References: X -> Nitter |
||
| Line 29: | Line 29: | ||
On 5 November 2013, Wemo updated its API to prevent future XML injection attacks.<ref>{{Cite web |author= |title=Wemo® and Security |url=https://www.belkin.com/support-article/?articleNum=80322 |website=[[Belkin]] |date= |access-date=19 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20230926192207/https://www.belkin.com/support-article/?articleNum=80322 |archive-date=26 Sep 2023}}</ref> | On 5 November 2013, Wemo updated its API to prevent future XML injection attacks.<ref>{{Cite web |author= |title=Wemo® and Security |url=https://www.belkin.com/support-article/?articleNum=80322 |website=[[Belkin]] |date= |access-date=19 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20230926192207/https://www.belkin.com/support-article/?articleNum=80322 |archive-date=26 Sep 2023}}</ref> | ||
On 16 May 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>{{Cite web |last1=Serper |first1=Amit |last2=Yakar |first2=Reuven |title=‘FriendlyName’ Buffer Overflow Vulnerability in Wemo Smart Plug V2 |url=https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/ |website=Sternum |date=16 May 2023 |access-date=19 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20230516160431/https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/ |archive-date=16 May 2023}}</ref> The study mentions the device could be exploited through a program called pyWemo<ref>{{Cite web |last=Lakshmanan |first=Ravie |title=Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs |url=https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html |website=The Hacker News |date=17 May 2023 |access-date=19 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20230517155641/https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html |archive-date=17 May 2023}}</ref> and potentially through cloud controls.<ref>{{Cite web |last=Davis |first=Wes |title=PSA: time to recycle your old Wemo smart plugs (if you haven’t already) |url=https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability |website=The Verge |date=16 May 2023 |access-date=29 Mar 2025 |url-status=live |archive-url=https://web.archive.org/web/20230517021155/https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability |archive-date=17 May 2023}}</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user's local network",<ref>{{Cite web |author=WEMOcares |title=WEMOcares on X |url=https:// | On 16 May 2023, multiple websites reported a Sternum study regarding a buffer overflow vulnerability in the Wemo Mini Smart Plug V2.<ref>{{Cite web |last1=Serper |first1=Amit |last2=Yakar |first2=Reuven |title=‘FriendlyName’ Buffer Overflow Vulnerability in Wemo Smart Plug V2 |url=https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/ |website=Sternum |date=16 May 2023 |access-date=19 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20230516160431/https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/ |archive-date=16 May 2023}}</ref> The study mentions the device could be exploited through a program called pyWemo<ref>{{Cite web |last=Lakshmanan |first=Ravie |title=Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs |url=https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html |website=The Hacker News |date=17 May 2023 |access-date=19 Feb 2026 |url-status=live |archive-url=https://web.archive.org/web/20230517155641/https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html |archive-date=17 May 2023}}</ref> and potentially through cloud controls.<ref>{{Cite web |last=Davis |first=Wes |title=PSA: time to recycle your old Wemo smart plugs (if you haven’t already) |url=https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability |website=The Verge |date=16 May 2023 |access-date=29 Mar 2025 |url-status=live |archive-url=https://web.archive.org/web/20230517021155/https://www.theverge.com/2023/5/16/23725290/wemo-smart-plug-v2-smart-home-security-vulnerability |archive-date=17 May 2023}}</ref> In their official response, Wemo stated "we believe that bad actors cannot exploit this vulnerability unless they have access to the user's local network",<ref>{{Cite web |author=WEMOcares |date=17 May 2023 |title=WEMOcares on X |url=https://nitter.catsarch.com/WEMOcares/status/1658963426230562819 |url-status=live |archive-url=https://web.archive.org/web/20260324184234/https://nitter.catsarch.com/WEMOcares/status/1658963426230562819 |archive-date=24 Mar 2026 |access-date=19 Mar 2025 |website=[[X]]}}</ref> and "We discontinued the Wemo Mini Smart Plug V2 (F7C063) in 2020"<ref>{{Cite web |author=WEMOcares |date=17 May 2023 |title=WEMOcares on X |url=https://nitter.catsarch.com/WEMOcares/status/1658963635882938374 |url-status=live |archive-url=https://web.archive.org/web/20260324184237/https://nitter.catsarch.com/WEMOcares/status/1658963635882938374 |archive-date=24 Mar 2026 |access-date=19 Feb 2026 |website=[[X]]}}</ref> despite not making this information publicly available prior. During this report, the Wemo app hadn't been updated in two years, with the most recent update being on February 23, 2021, as previously mentioned.<ref name="AAS" /> | ||
===Connection issues (''2018—2026'')=== | ===Connection issues (''2018—2026'')=== | ||