The Belkin Wemo Mini Smart Plug V2 (F7C063) has been found to contain a vulnerability, CVE-2023-27217, which can allow a malicious actor to remotely inject malicious commands. This is due to the lack of validation when assigning a FriendlyName to the device, which can cause a buffer overflow if it exceeds the character limit. Belkin has chosen not to address the issue as the device is nearing the end of its life. To protect themselves, users are advised to not expose the plug directly to the internet and to ensure segmentation measures are in place if they have deployed it in sensitive networks. Igal Zeifman, Sternum’s VP of Marketing, commented that this is what happens when devices are shipped without on-device protection and that relying on patching will always leave users behind the attacker.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.