Lucene search

[email protected]CVE-2017-16295

HistoryJan 11, 2023 - 10:15 p.m.

CVE-2017-16295

2023-01-1122:15:12

CWE-121

[email protected]

web.nvd.nist.gov

cve-2017-16295

buffer overflow

pubnub

insteon hub

firmware

security vulnerability

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

34.8%

JSON

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a18c, the value for the off key is copied using strcpy to the buffer at $sp+0x270.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.

Affected configurations

Vulners

NVD

Node

insteoninsteon_hubRange≤Not specified

VendorProductVersionCPE
insteoninsteon_hub*cpe:2.3:h:insteon:insteon_hub:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insteon	insteon_hub	*	cpe:2.3:h:insteon:insteon_hub::::::::

CNA Affected

[
  {
    "vendor": "Insteon",
    "product": "Hub",
    "versions": [
      {
        "version": "Not specified",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2017-0483

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

34.8%

JSON

Related for CVE-2017-16295

prion1 nvd1 cvelist1 talos1