WeMo (IoT) Remote Code Execution Vulnerability - 06.10.2020

I just received this IPS protection from Checkpoint.com on the WeMo devices.

Attack ID:
CPAI-2019-1605

Last Update:
10-June-2020

Tags:

Vendor:
Belkin

Product:
IoT

Threat Year:
2019

Protection Type:
Vulnerability

Vulnerability Effect:
Code Execution

Protocol:
HTTP

Threat Description:

A remote code execution vulnerability is exist in Belkin Wemo UPnP. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation could result in execution of arbitrary code on the affected system.
IPS Protection:

Attack Name: Application Servers Protection Violation

Attack Information: Belkin Wemo UPnP Remote Code Execution

Vulnerable Systems: Belkin Wemo

Thanks, you just reminded me that I’ve been meaning to block the Internet access for my Wemo Maker and Wemo Motion. Belkin hasn’t updated the firmware for either device in years, so there’s really no reason for them to be accessible outside of my LAN.