Wemo won’t fix Smart Plug vulnerability allowing remote operation

The report discusses insecure Belkin Wemo smart plugs and the pyWeMo community library that allow unauthenticated network commands and may be exploitable via the cloud interface; it recounts past firmware password leaks and a lingering CVE reported around 2018–2019, recommends isolating devices from the Internet and segmenting them on a subnet, and notes Belkin's reluctance to adopt local-only Matter support as a mitigation.