2 matches found
CVE-2018-3833
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed...
CVE-2018-3833
CVE-2018-3833 affects Insteon Hub (firmware 1013). The firmware upgrade flow fetches signed firmware over plain HTTP and does not verify that the new image is newer than the installed one, enabling an attacker (MITM impersonating cache.insteon.com) to flash older firmware. TALOS research notes mi...