← back
CVE-2019-12780observed exploitation

CVE-2019-12780

62Vexday Risk Score

Patch now. It exploitation observed by VulnCheck and has a working public exploit.

ssvc Actepss 72%
from disclosure to weapon0 days
Published on NVDJun 10
metasploitApr 4
VulnCheck+3d
exploitation probability
72%top 1% of all CVEs
observed exploitation
yesVulnCheck
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
Affected products
n/a · n/a