Description
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows in a global data section, overwriting arbitrary data. To trigger this vulnerability, an attacker must impersonate PubNub and answer an HTTPS GET request from the device. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability.
References (2)
Third Party Advisory: https://exchange.xforce.ibmcloud.com/vulnerabilities/144975
Third Party Advisory, VDB Entry: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502
Scores
CVSS v3: 8.5
EPSS: 0.0188
EPSS Percentile: 76.9%
Attack Vector: NETWORK
CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (1): insteon/hub_2245-222_firmware, version 1012
Published: Aug 23, 2018
Tracked Since: Feb 18, 2026