We reached out to Belkin (the device manufacturer) with our findings.Leveraging these findings, we were able to demonstrate how the vulnerability can be used for command injection.Through experimentation, we learned that we could obtain a measure of control and predictability over how the overflow occurred.Through reverse engineering, we saw that circumventing the character limit resulted in a buffer overflow.The name length is limited to 30 characters or less, but this rule is only enforced by the app itself.The device is managed by a mobile application that allows its user to change the device name (a.k.a.Wemo Mini Smart Plug V2 is a popular consumer device that helps users remote-control electric devices.This will be a long post so as a public service, here are key points: In this post, we wanted to provide a behind-the-scenes look at our work and talk about our latest discovery-a buffer overflow vulnerability ( CVE-2023-27217) in a Wemo Mini Smart Plug V2 (model F7C063) device.īelow, we will share the story of how we were able to reverse-engineer the device, gain firmware access, and leverage it to discover the security flaw.įurthermore, we will demonstrate how this vulnerability could be exploited for remote command execution and offer some suggestions for security best practices that could have prevented the issue.
Part of our work at Sternum includes constant security research of IoT vulnerabilities to better understand IoT security gaps, boost the security capabilities of our platform and help device manufacturers improve their security postures.
0 kommentar(er)
