[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Belkin Wemo 0day exploit (Remote shell + Rapid State change)

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Belkin Wemo 0day exploit (Remote shell + Rapid State change)
From: Daniel Cardenas <dviciousb@xxxxxxxxx>
Date: Wed, 30 Jan 2013 19:32:48 -0600

Discovered several UPnP vulnerabilites which allowed me to gain full shell 
access and modify the state of the device being controlled. Im in the process 
of disclosing to Belkin. PoC soon to come. Link to video below.

http://youtu.be/BcW2q0aHOFo

Belkin WeMo with latest firmware. Able to gain full root access and send 
commands including changing the state of connected device via flaw in UPnP 
implementation. Chose small desk lamp and simple on/off sequence due to safety 
concerns. Real world this could be a fan or space heater and rapidly turn 
on/off without limitation.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Belkin Wemo 0day exploit (remote shell + rapid state change)
Next by Date: [Full-disclosure] DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
Previous by thread: [Full-disclosure] Belkin Wemo 0day exploit (remote shell + rapid state change)
Next by thread: [Full-disclosure] DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
Index(es):
- Date
- Thread