CVE-2019-12780
62Vexday Risk Score
Patch now. It exploitation observed by VulnCheck and has a working public exploit.
ssvc Actepss 72%
from disclosure to weapon0 days
Published on NVDJun 10
metasploitApr 4
VulnCheck+3d
exploitation probability
72%top 1% of all CVEs
observed exploitation
yesVulnCheck
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
Affected products
n/a · n/a