CVE-2017-16288: Buffer Overflow
First published: Wed Jan 11 2023(Updated: )
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f60, the value for the `dst` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insteon Hub Firmware | =1012 | |
| INSTEON Hub |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-16288?
CVE-2017-16288 has been classified as critical due to the potential for remote code execution via buffer overflow.
How do I fix CVE-2017-16288?
To fix CVE-2017-16288, update the Insteon Hub firmware to a version higher than 1012.
What systems are affected by CVE-2017-16288?
CVE-2017-16288 affects the Insteon Hub running firmware version 1012.
What are the implications of exploiting CVE-2017-16288?
Exploiting CVE-2017-16288 could allow an attacker to execute arbitrary code on the Insteon Hub.
Is CVE-2017-16288 a local or remote vulnerability?
CVE-2017-16288 is a remote vulnerability that can be exploited without physical access to the device.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/insteon
- canonical/insteon hub firmware
- version/insteon hub firmware/1012
- canonical/insteon hub