Filtered by vendor Insteon
Subscribe
Total
114 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16338 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-08 | 8.0 HIGH | 9.9 CRITICAL |
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | |||||
CVE-2017-16339 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-08 | 8.0 HIGH | 9.9 CRITICAL |
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sending anything longer will cause a buffer overflow. | |||||
CVE-2017-16341 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-08 | 8.0 HIGH | 9.9 CRITICAL |
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow. | |||||
CVE-2017-16346 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-08 | 8.0 HIGH | 9.9 CRITICAL |
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3". | |||||
CVE-2017-16345 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-08 | 8.0 HIGH | 9.9 CRITICAL |
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3". | |||||
CVE-2017-14455 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2022-04-19 | 9.0 HIGH | 8.8 HIGH |
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability. | |||||
CVE-2017-14452 | 1 Insteon | 2 Hub, Hub Firmware | 2022-04-19 | 6.5 MEDIUM | 8.8 HIGH |
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. | |||||
CVE-2017-14447 | 1 Insteon | 2 Hub, Hub Firmware | 2022-04-19 | 5.5 MEDIUM | 7.7 HIGH |
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2017-14453 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2022-04-19 | 9.0 HIGH | 8.8 HIGH |
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability. | |||||
CVE-2018-11560 | 1 Insteon | 2 2864-222, 2864-222 Firmware | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100. | |||||
CVE-2018-12640 | 1 Insteon | 2 2864-222, 2864-222 Firmware | 2021-06-22 | 7.5 HIGH | 9.8 CRITICAL |
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. | |||||
CVE-2013-4859 | 1 Insteon | 2 Hub, Hub Firmware | 2020-01-09 | 9.3 HIGH | 8.1 HIGH |
INSTEON Hub 2242-222 lacks Web and API authentication | |||||
CVE-2017-5250 | 1 Insteon | 1 Insteon For Hub | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner. | |||||
CVE-2017-5251 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. |