CVE-2019-17532

Name of the Vulnerable Software and Affected Versions Belkin Wemo Switch version 28B WW 2.00.11057.PVT-OWRT-SNS

Description The issue allows remote attackers to cause a denial of service, resulting in a persistent rules-processing outage. This is achieved by sending a crafted ruleDbBody element in a StoreRules request to the "upnp/control/rules1" URI, which causes database corruption.

Recommendations For Belkin Wemo Switch version 28B WW 2.00.11057.PVT-OWRT-SNS, as a temporary workaround, consider restricting access to the "upnp/control/rules1" URI to minimize the risk of exploitation. Avoid using the ruleDbBody element in StoreRules requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.