ID

VAR-201808-0157


CVE

CVE-2017-16348


TITLE

Insteon Hub Firmware authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014189

DESCRIPTION

An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. The Insteon Hub firmware contains an authentication vulnerability that may result in a service interruption (DoS) condition. Insteon Hub is a central controller product from Insteon, a company in the United States. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home.

Trust: 2.25

sources: NVD: CVE-2017-16348 // JVNDB: JVNDB-2017-014189 // CNVD: CNVD-2018-16874 // VULHUB: VHN-107261

IOT TAXONOMY

category: ['Network device'], sub_category: Gateway / Hub: Open Ecosystem

Trust: 0.6

category: ['home & office device'], sub_category: smart home device

Trust: 0.1

category: ['home & office device'], sub_category: smart home controller

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-16874

AFFECTED PRODUCTS

vendor: insteon, model: hub, scope: eq, version: 1012

Trust: 3.0

sources: CNVD: CNVD-2018-16874 // JVNDB: JVNDB-2017-014189 // CNNVD: CNNVD-201808-777 // NVD: CVE-2017-16348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16348
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-16348
value: HIGH

Trust: 1.0

NVD: CVE-2017-16348
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-16874
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201808-777
value: HIGH

Trust: 0.6

VULHUB: VHN-107261
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-16348
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-16874
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-107261
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2017-16348
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2017-16348
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2018-16874 // VULHUB: VHN-107261 // JVNDB: JVNDB-2017-014189 // CNNVD: CNNVD-201808-777 // NVD: CVE-2017-16348 // NVD: CVE-2017-16348

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-107261 // JVNDB: JVNDB-2017-014189 // NVD: CVE-2017-16348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-777

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201808-777

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014189

PATCH

title: Insteon Hub, url: https://www.insteon.com/insteon-hub

Trust: 0.8

sources: JVNDB: JVNDB-2017-014189

EXTERNAL IDS

db: NVD, id: CVE-2017-16348

Trust: 3.2

db: TALOS, id: TALOS-2017-0485

Trust: 3.1

db: JVNDB, id: JVNDB-2017-014189

Trust: 0.8

db: CNNVD, id: CNNVD-201808-777

Trust: 0.7

db: CNVD, id: CNVD-2018-16874

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: SEEBUG, id: SSVID-97365

Trust: 0.1

db: VULHUB, id: VHN-107261

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-16874 // VULHUB: VHN-107261 // JVNDB: JVNDB-2017-014189 // CNNVD: CNNVD-201808-777 // NVD: CVE-2017-16348

REFERENCES

url: https://www.talosintelligence.com/vulnerability_reports/talos-2017-0485

Trust: 2.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16348

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-16348

Trust: 0.8

url: https://talosintelligence.com/vulnerability_reports/talos-2017-0485

Trust: 0.6

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-16874 // VULHUB: VHN-107261 // JVNDB: JVNDB-2017-014189 // CNNVD: CNNVD-201808-777 // NVD: CVE-2017-16348

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2018-16874
db: VULHUB, id: VHN-107261
db: JVNDB, id: JVNDB-2017-014189
db: CNNVD, id: CNNVD-201808-777
db: NVD, id: CVE-2017-16348

LAST UPDATE DATE

2025-01-30T19:40:17.189000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-16874, date: 2018-08-30T00:00:00
db: VULHUB, id: VHN-107261, date: 2023-01-28T00:00:00
db: JVNDB, id: JVNDB-2017-014189, date: 2018-11-09T00:00:00
db: CNNVD, id: CNNVD-201808-777, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-16348, date: 2024-11-21T03:16:18.523

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-16874, date: 2018-08-30T00:00:00
db: VULHUB, id: VHN-107261, date: 2018-08-23T00:00:00
db: JVNDB, id: JVNDB-2017-014189, date: 2018-11-09T00:00:00
db: CNNVD, id: CNNVD-201808-777, date: 2018-08-24T00:00:00
db: NVD, id: CVE-2017-16348, date: 2018-08-23T14:29:00.213