CVE-2023-33768

MEDIUM

Belkin Wemo Smart Plug WSP080 <1.2 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-33768. PoCs published by Fr0stM0urne, purseclab.

AI-analyzed exploit summary This PoC exploits CVE-2023-33768, a DoS vulnerability in Belkin Wemo Smart Plug WSP080 due to incorrect firmware signature verification. It uses Frida to inject modified firmware URLs into the Wemo Android app, causing the device to brick upon receiving crafted firmware.

Description

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.

Exploits (2)

nomisec WORKING POC 1 stars
by Fr0stM0urne · poc
https://github.com/Fr0stM0urne/CVE-2023-33768

This PoC exploits CVE-2023-33768, a DoS vulnerability in Belkin Wemo Smart Plug WSP080 due to incorrect firmware signature verification. It uses Frida to inject modified firmware URLs into the Wemo Android app, causing the device to brick upon receiving crafted firmware.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Belkin Wemo Smart Plug WSP080 v1.2, Wemo Android App (com.belkin.wemoandroid)
No auth needed
Prerequisites: Physical access to Android device with Wemo app installed · Frida installed on the device · Modified firmware hosted on a web server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by purseclab · poc
https://github.com/purseclab/CVE-2023-33768

This PoC exploits CVE-2023-33768, a DoS vulnerability in Belkin Wemo Smart Plug WSP080 v1.2 due to incorrect firmware signature verification. It uses Frida to inject a modified firmware URL into the Wemo Android app, causing the device to brick upon receiving the crafted firmware.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Belkin Wemo Smart Plug WSP080 v1.2, Wemo Android App (com.belkin.wemoandroid)
No auth needed
Prerequisites: Physical access to the Android device or ADB access · Frida installed on the Android device · Modified firmware hosted on a web server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

CVSS v3 6.5
EPSS 0.0090
EPSS Percentile 55.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-347
Status published
Products (1)
belkin/wemo_smart_plug_wsp080_firmware 1.2
Published Jul 13, 2023
Tracked Since Feb 18, 2026