Belkin: >> Crock-Pot Smart Slow Cooker With Wemo Security Vulnerabilities
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
CVSS Score
9.8
EPSS Score
0.394
Published
2019-06-10