CVE-2013-6949

{"id": "CVE-2013-6949", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-02-22T21:55:09.233", "references": [{"url": "http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/656302", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device."}, {"lang": "es", "value": "La versi\u00f3n de firmware anterior a 3949 de Belkin WeMo Home Automation, no usa apropiadamente los protocolos STUN y TURN, lo que permite a los atacantes remotos secuestrar conexiones y posiblemente tener otro impacto no especificado aprovechando el acceso a un solo dispositivo WeMo."}], "lastModified": "2014-03-06T04:49:56.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:belkin:wemo_home_automation_firmware:2769:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28ACACEF-ADE2-4A54-8F6D-281167EA4A0C"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}