CVE-2013-6951 Information

Description

The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.

Reference

http://www.ioactive.com/pdfs/IOActive_Belkin-advisory-lite.pdf http://www.kb.cert.org/vuls/id/656302