Lucene search

[email protected]NVD:CVE-2017-16268

HistoryJan 11, 2023 - 10:15 p.m.

CVE-2017-16268

2023-01-1122:15:10

CWE-787

CWE-121

[email protected]

web.nvd.nist.gov

pubnub

insteon hub

buffer overflow

firmware v1012

stack-based

http request

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

39.0%

JSON

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the “cc” channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d0165c0, the value for the id key is copied using strcpy to the buffer at $sp+0x270.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.

Affected configurations

Nvd

Node

insteonhub_firmwareMatch1012

AND

insteonhubMatch-

VendorProductVersionCPE
insteonhub_firmware1012cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*
insteonhub-cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insteon	hub_firmware	1012	cpe:2.3:o:insteon:hub_firmware:1012:::::::*
insteon	hub	-	cpe:2.3:h:insteon:hub:-:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2017-0483

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

39.0%

JSON

Related for NVD:CVE-2017-16268

cvelist1 prion1 cve1 talos1