CVE-2017-16286 in Insteoninformazioni

Riassunto

di MITRE • 12/01/2023

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018ea0, the value for the `dststart` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsabile

Talos

Prenotare

31/10/2017

Divulgazione

12/01/2023

Moderazione

accettato

Voce

VDB-218087

CPE

pronto

CWE

CWE-121 (confermato)

CVSS

9.9 (NVD)

EPSS

0.00673

KEV

Attività

molto basso

Settore

Hostingprovider, Government, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-16286
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-16286
CVE Details	https://www.cvedetails.com/cve/CVE-2017-16286/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!