CVE-2017-16341: Buffer Overflow
First published: Thu Aug 02 2018(Updated: )
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insteon Hub | =1012 | |
| Insteon Hub |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-16341?
CVE-2017-16341 is classified as a high severity vulnerability due to the risk of buffer overflow and potential remote code execution.
How do I fix CVE-2017-16341?
To mitigate CVE-2017-16341, users should update the Insteon Hub to the latest firmware version beyond 1012.
What type of vulnerability is CVE-2017-16341?
CVE-2017-16341 is a buffer overflow vulnerability in the Insteon Hub firmware that can be exploited via an authenticated HTTP request.
Who is affected by CVE-2017-16341?
CVE-2017-16341 affects devices running Insteon Hub firmware version 1012.
What can an attacker do with CVE-2017-16341?
An attacker can potentially execute arbitrary code on the Insteon Hub by exploiting CVE-2017-16341 through crafted HTTP requests.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/insteon
- canonical/insteon hub
- version/insteon hub/1012