CVE-2013-6948

Belkin WeMo Home Automation Firmware - XML External Entity Injection via peerAddresses API

Title source: llm
STIX 2.1

Description

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References (2)

Core 2
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/656302

Scores

EPSS 0.0163
EPSS Percentile 73.3%

Details

CWE
CWE-94
Status published
Products (1)
belkin/wemo_home_automation_firmware 2769
Published Feb 22, 2014
Tracked Since Feb 18, 2026