CVE-2013-6948

Name of the Vulnerable Software and Affected Versions Belkin WeMo Home Automation firmware versions prior to 3949

Description The issue concerns an XML External Entity (XXE) problem, allowing remote attackers to read arbitrary files. This is achieved by using an XML document that contains an external entity declaration in conjunction with an entity reference, targeting the peerAddresses API.

Recommendations For versions prior to 3949, update the firmware to version 3949 or later to resolve the issue. As a temporary workaround, consider restricting access to the peerAddresses API until the update is applied.