CVE-2017-16292: Buffer Overflow
First published: Wed Jan 11 2023(Updated: )
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_schd, at 0x9d019c50, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insteon Hub Firmware | =1012 | |
| INSTEON Hub |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-16292?
CVE-2017-16292 refers to multiple exploitable buffer overflow vulnerabilities in the PubNub message handler for the cc channel of Insteon Hub firmware version 1012.
How severe is CVE-2017-16292?
CVE-2017-16292 has a severity rating of 9.9 (critical).
What software is affected by CVE-2017-16292?
The Insteon Hub running firmware version 1012 is affected by CVE-2017-16292.
How can an attacker exploit CVE-2017-16292?
An attacker can exploit CVE-2017-16292 by sending specially crafted commands through the PubNub service to cause a stack-based buffer overflow, overwriting arbitrary data.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/insteon
- canonical/insteon hub firmware
- version/insteon hub firmware/1012
- canonical/insteon hub