CVE-2017-14443

MEDIUM

Insteon Hub <1012 - Info Disclosure

Title source: llm
STIX 2.1

Description

An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492

Scores

CVSS v3 6.5
EPSS 0.0177
EPSS Percentile 75.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
insteon/hub_2245-222_firmware 1012
Published Sep 17, 2018
Tracked Since Feb 18, 2026