While this wasn’t in the scope of our research, from what we have gathered, it appears that this vulnerability could be triggered via the Cloud interface (meaning, without a direct connection to the device).

This further highlights the need for the abovementioned steps, as the Wemo Cloud infrastructure could be used as a potential attack vector.

ncG1vNJzZmivp6x7tbTEr5yrn5VjsLC5jmtna2tfanxygo5ranBqZWeGcXvWnqSoZaOirrPAjKmjrp9dq39uv8yaqa1lmKS6pnnSnpquqpmpxm7C1KWlnqqRl7attdOy