CVE-2019-12780

Name of the Vulnerable Software and Affected Versions Belkin Wemo Enabled Crock-Pot (affected versions not specified)

Description The issue concerns command injection in the Wemo UPnP API. Specifically, it affects the SmartDevURL argument to the SetSmartDevInfo action. An attacker can exploit this by sending a simple POST request to the "/upnp/control/basicevent1" API endpoint, allowing the execution of commands without requiring authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.