You returned the Wemo plug because it transmits your wifi password ONCE, in a single packet, on your private internal network?craeyon wrote: ↑ You guys should be careful buying smart home devices especially when they are no-name re-brands like this. I could not find a single entry in the NIST vulnerability database and another CVE vulnerability database. Not in the sense that "oh! no entry! that must mean there are no vulnerabilities" no, more like "shit, this vendor is not even listed"
This Christmas I bought a lot of smart home devices. Lights, vacuums, locks, smart plugs/switches you name it. But I made sure I went through those databases to make sure I didn't but anything that had a critical vulnerability. I made a small mistake buying the Wemo Smart Wifi Plug. Turns out it pretty much broadcasts your wireless network password. You can click here and skip to page 5 to see it.
Shut that shit off and returned it. Given that this device is not even listed does not bode well. I know this is RFD and everyone is out for a deal but sometimes it is better to be slightly more cautious.