Vulnerability Details CVE-2017-14455
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.6%
CVSS Severity
CVSS v3 Score 8.5
CVSS v2 Score 9.0
References
Products affected by CVE-2017-14455
-
cpe:2.3:h:insteon:hub_2245-222:-
-
cpe:2.3:o:insteon:hub_2245-222_firmware:1012