Description
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/
Scores
CVSS v3
9.8
EPSS
0.0071
EPSS Percentile
48.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-312
CWE-922
Status
published
Products (1)
insteon/insteon_for_hub
< 1.9.7
Published
Feb 22, 2018
Tracked Since
Feb 18, 2026