Insteon Hub 2245-222 vulnerabilities
4 known vulnerabilities affecting insteon/insteon_hub_2245-222.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4
Vulnerabilities
Page 1 of 1
CVE-2017-14455P3HIGHCVSS 8.8vFirmware version 10122018-08-23
CVE-2017-14455 [HIGH] CWE-119 CVE-2017-14455: On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, wh
nvd
CVE-2017-16337P3HIGHCVSS 8.8vFirmware version 10122018-08-23
CVE-2017-16337 [HIGH] CWE-120 CVE-2017-16337: On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer
nvd
CVE-2017-14453P3HIGHCVSS 8.8vFirmware version 10122018-08-23
CVE-2017-14453 [HIGH] CWE-119 CVE-2017-14453: On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r,
nvd
CVE-2017-14452P3HIGHCVSS 8.8vFirmware version 10122018-08-23
CVE-2017-14452 [HIGH] CWE-119 CVE-2017-14452: An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control"
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which h
nvd