While this wasn’t in the scope of our research, from what we have gathered, it appears that this vulnerability could be triggered via the Cloud interface (meaning, without a direct connection to the device).
This further highlights the need for the abovementioned steps, as the Wemo Cloud infrastructure could be used as a potential attack vector.
