Description
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496
Scores
CVSS v3
8.5
EPSS
0.0108
EPSS Percentile
61.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
insteon/hub_firmware
1012
Published
Aug 06, 2018
Tracked Since
Feb 18, 2026