Published: 12/10/2019 Updated: 21/07/2021

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 695

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

An issue exists on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote malicious users to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
belkin wemo_switch_28b_firmware wemo_ww_2.00.11057.pvt-owrt-sns

DoS in Wemo Switch 28B

DoS Vulnerability in the Wemo Switch 28B (CVE-2019-17532) The Wemo Switch is a smart socket developed by Belkin In this blogpost, I consider the Wemo switch 28B, whereas the firmware version is WeMo_WW_20011057PVT-OWRT-SNS The way the rules are handled in the device's firmware allows an attacker to perform a DoS on the device and corrupt the database in a way that the

CWE-306 https://github.com/badnack/wemo_dos https://nvd.nist.gov https://github.com/badnack/wemo_dos

CVE-2019-17532

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect