The name length is limited to 30 characters or less, but this rule is only enforced by the app itself.The device is managed by a mobile application that allows its user to change the device name (a.k.a.
Wemo Mini Smart Plug V2 is a popular consumer device that helps users remote-control electric devices.This will be a long post so as a public service, here are key points: In this post, we wanted to provide a behind-the-scenes look at our work and talk about our latest discovery-a buffer overflow vulnerability ( CVE-2023-27217) in a Wemo Mini Smart Plug V2 (model F7C063) device.īelow, we will share the story of how we were able to reverse-engineer the device, gain firmware access, and leverage it to discover the security flaw.įurthermore, we will demonstrate how this vulnerability could be exploited for remote command execution and offer some suggestions for security best practices that could have prevented the issue. Part of our work at Sternum includes constant security research of IoT vulnerabilities to better understand IoT security gaps, boost the security capabilities of our platform and help device manufacturers improve their security postures.
0 kommentar(er)
