CVE-2023-27217

Name of the Vulnerable Software and Affected Versions Belkin Smart Outlet V2 F7c063 firmware 2.00.11420.OWRT.PVT SNSV2 Wemo Mini Smart Plug V2 (F7C063)

Description A stack-based buffer overflow in the ChangeFriendlyName() function allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request. The issue is related to the function that permits changing the default assigned name, with a name length limited to 30 characters or less, but this rule is only applied by the application itself. Bypassing the character limit using a Python module named pyWeMo can lead to a buffer overflow state, which can then be used to crash the device or execute malicious commands.

Recommendations For Belkin Smart Outlet V2 F7c063 firmware 2.00.11420.OWRT.PVT SNSV2, consider disabling the ChangeFriendlyName() function until a patch is available. For Wemo Mini Smart Plug V2 (F7C063), restrict access to the device from the internet and ensure network segmentation measures are in place to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.