Sign-up

ID

VAR-201802-0221


CVE

CVE-2017-5251


TITLE

Insteon Hub Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-012821

DESCRIPTION

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted. Insteon Hub Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. INSTEON Hub is an INSTEON central controller product of the American INSTEON company. This product can remotely control light bulbs, wall switches, air conditioners, etc. in your home. An attacker could exploit this vulnerability to bypass authentication

Trust: 1.71

sources: NVD: CVE-2017-5251 // JVNDB: JVNDB-2017-012821 // VULHUB: VHN-113454

AFFECTED PRODUCTS

vendor:insteonmodel:hubscope:lteversion:1012

Trust: 1.8

vendor:insteonmodel:hubscope:eqversion:1012

Trust: 0.6

sources: JVNDB: JVNDB-2017-012821 // CNNVD: CNNVD-201701-416 // NVD: CVE-2017-5251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5251
value: HIGH

Trust: 1.0

NVD: CVE-2017-5251
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201701-416
value: HIGH

Trust: 0.6

VULHUB: VHN-113454
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5251
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-113454
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5251
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-113454 // JVNDB: JVNDB-2017-012821 // CNNVD: CNNVD-201701-416 // NVD: CVE-2017-5251

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.1

problemtype:CWE-294

Trust: 1.0

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-113454 // JVNDB: JVNDB-2017-012821 // NVD: CVE-2017-5251

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-416

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201701-416

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012821

PATCH
title:Insteon Huburl:https://www.insteon.com/insteon-hub/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-012821

EXTERNAL IDS
db:NVDid:CVE-2017-5251
Trust: 2.5
db:JVNDBid:JVNDB-2017-012821
Trust: 0.8
db:CNNVDid:CNNVD-201701-416
Trust: 0.7
db:VULHUBid:VHN-113454
Trust: 0.1
sources:
            
            
            VULHUB: VHN-113454 // 
            
            
            
            JVNDB: JVNDB-2017-012821 // 
            
            
            
            CNNVD: CNNVD-201701-416 // 
            
            
            
            NVD: CVE-2017-5251

REFERENCES
url:https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5251
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5251
Trust: 0.8
sources:
            
            
            VULHUB: VHN-113454 // 
            
            
            
            JVNDB: JVNDB-2017-012821 // 
            
            
            
            CNNVD: CNNVD-201701-416 // 
            
            
            
            NVD: CVE-2017-5251

SOURCES
db:VULHUBid:VHN-113454
db:JVNDBid:JVNDB-2017-012821
db:CNNVDid:CNNVD-201701-416
db:NVDid:CVE-2017-5251

LAST UPDATE DATE
2024-11-23T21:39:47.779000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-113454date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2017-012821date:2018-04-20T00:00:00
db:CNNVDid:CNNVD-201701-416date:2019-10-17T00:00:00
db:NVDid:CVE-2017-5251date:2024-11-21T03:27:22.220

SOURCES RELEASE DATE
db:VULHUBid:VHN-113454date:2018-02-22T00:00:00
db:JVNDBid:JVNDB-2017-012821date:2018-04-20T00:00:00
db:CNNVDid:CNNVD-201701-416date:2017-01-17T00:00:00
db:NVDid:CVE-2017-5251date:2018-02-22T16:29:00.357