On 5/16/2016 we pushed out to all users new WEMO firmware versions.
These firmware updates are required for users who have Nest Thermostats and want to use the new Nest Home / Away rules with their WEMO Switch, Insight, Light Switch and Maker.
Security Updates:
- Special thanks to Mickey Shkatov from Intel Security Advanced Threat Research for discovering these vulerabilities and submitting them to us through responsible disclosure.
Firmware version 10487:
- Switch
- Sensor
- Insight (v1, v2)
- Light Switch
- Security Update: Patched vulnerabilities related to buffer overflow in email length and rules database
- Security Update: Prevents unrestricted file uploads to web directory
- Security Update: Prevents NVRAM settings from being accessible
- Fixed an issue where the Insight may hang and become unresponsive
- Optimized FW communication handling with cloud and error conditions
- Fixed an issue that prevents setup of WeMo with hidden SSIDs
- Fixed an issue that caused Insight to send excessive status and sync messages
- Improved the discovery of WeMo in setups with range extenders
- Improved inter-WeMo device discovery to allow easy addition of new products
Firmware version 10487:
- Security Update: Patched vulnerabilities related to buffer overflow in email length and rules database
- Security Update: Prevents unrestricted file uploads to web directory
- Security Update: Prevents NVRAM settings from being accessible
- Optimized communication with cloud and handling of authentication errors
- Improved the discovery of WeMo in setups with range extenders
- Improved inter-WeMo device discovery to allow easy addition of new products
Firmware version 10486:
- Maker
- Slow Cooker
- Air Purifier
- Humidifier
- Heater
- Coffee Maker
- Security Update: Patched vulnerabilities related to buffer overflow in email length and rules database
- Security Update: Prevents unrestricted file uploads to web directory
- Security Update: Prevents NVRAM settings from being accessible
- Optimized communication with cloud and handling of authentication errors
- Improved the discovery of WeMo in setups with range extenders
- Improved inter-WeMo device discovery to allow easy addition of new products