Insteon Hub Firmware vulnerabilities
97 known vulnerabilities affecting insteon/hub_firmware.
Total CVEs
97
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL87HIGH10
Vulnerabilities
Page 1 of 5
CVE-2013-4859P2HIGHCVSS 8.1PoCv2242-2222019-12-27
CVE-2013-4859 [HIGH] CWE-276 CVE-2013-4859: INSTEON Hub 2242-222 lacks Web and API authentication
INSTEON Hub 2242-222 lacks Web and API authentication
nvd
CVE-2017-14444P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-14444 [CRITICAL] CWE-119 CVE-2017-14444: An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. Th
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.
nvd
CVE-2017-16347P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16347 [CRITICAL] CWE-120 CVE-2017-16347: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored
nvd
CVE-2017-16341P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16341 [CRITICAL] CWE-120 CVE-2017-16341: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are sto
nvd
CVE-2017-14445P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-14445 [CRITICAL] CWE-120 CVE-2017-14445: An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. Th
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.
nvd
CVE-2017-16343P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16343 [CRITICAL] CWE-120 CVE-2017-16343: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
nvd
CVE-2017-16340P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16340 [CRITICAL] CWE-120 CVE-2017-16340: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow.
nvd
CVE-2017-16342P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16342 [CRITICAL] CWE-120 CVE-2017-16342: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
nvd
CVE-2017-16268P3CRITICALCVSS 9.9v10122023-01-11
CVE-2017-16268 [CRITICAL] CWE-121 CVE-2017-16268: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger t
nvd
CVE-2017-16279P3CRITICALCVSS 9.9v10122023-01-11
CVE-2017-16279 [CRITICAL] CWE-121 CVE-2017-16279: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger t
nvd
CVE-2017-16278P3CRITICALCVSS 9.9v10122023-01-11
CVE-2017-16278 [CRITICAL] CWE-121 CVE-2017-16278: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger t
nvd
CVE-2017-16261P3HIGHCVSS 8.8v10122023-01-11
CVE-2017-16261 [HIGH] CWE-121 CVE-2017-16261: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this
nvd
CVE-2017-14454P3HIGHCVSS 8.5v10122023-01-12
CVE-2017-14454 [HIGH] CWE-120 CVE-2017-14454: Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "c
Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS
nvd
CVE-2017-16346P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16346 [CRITICAL] CWE-120 CVE-2017-16346: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by us
nvd
CVE-2017-16344P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16344 [CRITICAL] CWE-120 CVE-2017-16344: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by us
nvd
CVE-2017-16345P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16345 [CRITICAL] CWE-120 CVE-2017-16345: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by us
nvd
CVE-2017-16338P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16338 [CRITICAL] CWE-120 CVE-2017-16338: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
nvd
CVE-2017-16339P3CRITICALCVSS 9.9v10122018-08-02
CVE-2017-16339 [CRITICAL] CWE-120 CVE-2017-16339: An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub ru
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sending anything longer will cause a buffer overflow.
nvd
CVE-2017-16324P3CRITICALCVSS 9.9v10122023-01-11
CVE-2017-16324 [CRITICAL] CWE-121 CVE-2017-16324: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger t
nvd
CVE-2017-16301P3CRITICALCVSS 9.9v10122023-01-11
CVE-2017-16301 [CRITICAL] CWE-121 CVE-2017-16301: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger t
nvd
1 / 5Next →