Insteon: Security Vulnerabilities
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-06-23
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-02-22
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-02-22
Page 12