VYPR

Wemo Enabled Crock-Pot

by Belkin

CVEs (1)

  • CVE-2019-12780Jun 10, 2019
    risk 0.10cvss epss 0.72

    The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.