CVE-2017-16288 in Insteoninformazioni

Riassunto

di MITRE • 12/01/2023

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f60, the value for the `dst` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsabile

Talos

Prenotare

31/10/2017

Divulgazione

12/01/2023

Moderazione

accettato

Voce

VDB-218089

CPE

pronto

CWE

CWE-121 (confermato)

CVSS

9.9 (NVD)

EPSS

0.00673

KEV

Attività

molto basso

Settore

Transportation, Pharma, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-16288
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-16288
CVE Details	https://www.cvedetails.com/cve/CVE-2017-16288/

◂ Precedente Visione D'ensemble Il prossimo ▸

Interested in the pricing of exploits?

See the underground prices here!