5 matches found
Insufficient Entropy
Overview Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...
Insufficient Entropy
Overview Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...
Insufficient Entropy
Overview Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...
CVE-2018-3833
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed...
PT-2018-16227 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1013 Description: An exploitable issue exists in the firmware upgrade functionality of the Insteon Hub, triggered via PubNub. The device retrieves signed firmware binaries using plain HTTP requests and does not check the...