ID

VAR-201809-0043


CVE

CVE-2017-14443


TITLE

Insteon Hub vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-014377

DESCRIPTION

An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability. Insteon Hub contains an information disclosure vulnerability. Information may be obtained. INSTEON Hub is a central controller product of the American company INSTEON. This product can remotely control light bulbs, wall switches, air conditioners, etc. in your home.

Trust: 1.71

sources: NVD: CVE-2017-14443 // JVNDB: JVNDB-2017-014377 // VULHUB: VHN-105166

IOT TAXONOMY

category: ['home & office device'], sub_category: smart home device

Trust: 0.1

category: ['home & office device'], sub_category: smart home controller

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: insteon, model: hub 2245-222, scope: eq, version: 1012

Trust: 1.0

vendor: insteon, model: hub, scope: eq, version: 1012

Trust: 0.8

sources: JVNDB: JVNDB-2017-014377 // NVD: CVE-2017-14443

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14443
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2017-14443
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14443
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-625
value: MEDIUM

Trust: 0.6

VULHUB: VHN-105166
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14443
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105166
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14443
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-14443
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 5.8
version: 3.0

Trust: 1.0

NVD: CVE-2017-14443
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-105166 // JVNDB: JVNDB-2017-014377 // CNNVD: CNNVD-201709-625 // NVD: CVE-2017-14443 // NVD: CVE-2017-14443

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-105166 // JVNDB: JVNDB-2017-014377 // NVD: CVE-2017-14443

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-625

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-625

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014377

PATCH

title: Insteon Hub, url: https://www.insteon.com/insteon-hub

Trust: 0.8

sources: JVNDB: JVNDB-2017-014377

EXTERNAL IDS

db: NVD, id: CVE-2017-14443

Trust: 2.6

db: TALOS, id: TALOS-2017-0492

Trust: 2.5

db: JVNDB, id: JVNDB-2017-014377

Trust: 0.8

db: CNNVD, id: CNNVD-201709-625

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: SEEBUG, id: SSVID-97363

Trust: 0.1

db: VULHUB, id: VHN-105166

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-105166 // JVNDB: JVNDB-2017-014377 // CNNVD: CNNVD-201709-625 // NVD: CVE-2017-14443

REFERENCES

url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0492

Trust: 1.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14443

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14443

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2017-0492

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-105166 // JVNDB: JVNDB-2017-014377 // CNNVD: CNNVD-201709-625 // NVD: CVE-2017-14443

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-105166
db: JVNDB, id: JVNDB-2017-014377
db: CNNVD, id: CNNVD-201709-625
db: NVD, id: CVE-2017-14443

LAST UPDATE DATE

2025-01-30T19:28:16.423000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-105166, date: 2022-12-14T00:00:00
db: JVNDB, id: JVNDB-2017-014377, date: 2019-03-05T00:00:00
db: CNNVD, id: CNNVD-201709-625, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-14443, date: 2024-11-21T03:12:48.360

SOURCES RELEASE DATE

db: VULHUB, id: VHN-105166, date: 2018-09-17T00:00:00
db: JVNDB, id: JVNDB-2017-014377, date: 2019-03-05T00:00:00
db: CNNVD, id: CNNVD-201709-625, date: 2017-09-15T00:00:00
db: NVD, id: CVE-2017-14443, date: 2018-09-17T17:29:00.267