Wemo Won't Fix Smart Plug Vulnerability Allowing Remote Operation

An anonymous reader shares a report: IoT security research firm Sternum has discovered (and disclosed) a buffer overflow vulnerability in the Wemo Mini Smart Plug V2. The firm's blog post is full of interesting details about how this device works (and doesn't), but a key takeaway is that you can predictably trigger a buffer overflow by passing the device a name longer than its 30-character limit -- a limit enforced solely by Wemo's own apps -- with third-party tools. Inside that overflow you cou