CVE-2017-16318: Buffer Overflow
First published: Wed Jan 11 2023(Updated: )
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d16c, the value for the `g_group_off` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insteon Hub Firmware | =1012 | |
| INSTEON Hub |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-16318?
CVE-2017-16318 is considered a high severity vulnerability due to the potential for remote code execution and system compromise.
How do I fix CVE-2017-16318?
To fix CVE-2017-16318, upgrade the Insteon Hub firmware to a version later than 1012.
What devices are affected by CVE-2017-16318?
CVE-2017-16318 affects Insteon Hub devices running firmware version 1012.
What type of vulnerability is CVE-2017-16318?
CVE-2017-16318 is a buffer overflow vulnerability that can be exploited through specially crafted commands.
Can CVE-2017-16318 be exploited remotely?
Yes, CVE-2017-16318 can be exploited remotely via the PubNub message handler.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/tags
- agent/first-publish-date
- agent/description
- agent/source
- vendor/insteon
- canonical/insteon hub firmware
- version/insteon hub firmware/1012
- canonical/insteon hub