The second-generation version of Belkin’s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely.
The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered the device and gained firmware access.
Wemo Mini Smart Plug V2 (F7C063) offers convenient remote control, allowing users to turn electronic devices on or off using a companion app installed on a smartphone or tablet.
The heart of the problem lies in a feature that makes it possible to rename the smart plug to something more user-friendly, its “FriendlyName.” The default name assigned is “Wemo mini 6E9.”