Wvu

**Name of the Vulnerable Software and Affected Versions** Belkin Wemo Enabled Crock-Pot (affected versions not specified) **Description** The issue concerns command injection in the Wemo UPnP API. Specifically, it affects the `SmartDevURL` argument to the `SetSmartDevInfo` action. An attacker can exploit this by sending a simple POST request to the "/upnp/control/basicevent1" API endpoint, allowing the execution of commands without requiring authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.