Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Strike ID:
E20-0o5g2
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
1
Year:
2018

Description

This strike exploits a buffer overflow vulnerability in the Belkin Wemo Smart Plug. Specifically a stack buffer overflow occurs inside the WemoApp libUPnPHndlr.so library. When an attacker sends a UPnP packet with a specially crafted EnergyPerUnitCostVersion field a crash may occur. It is possible to execute code remotely on the compromised device as the root user, and because the device uses UPnP it is also possible to use the device to attack and control other smart devices like TVs.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6692

References

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/iot-zero-days-is-belkin-wem...