Sign-up

ID

VAR-201903-0907


CVE

CVE-2017-16254


TITLE

Insteon Hub Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014406

DESCRIPTION

An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. InsteonHub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home. An attacker could exploit the vulnerability to cover any data by sending an authenticated request

Trust: 2.25

sources: NVD: CVE-2017-16254 // JVNDB: JVNDB-2017-014406 // CNVD: CNVD-2019-13143 // VULHUB: VHN-107158

IOT TAXONOMY

category:['ICS', 'Network device']sub_category:Gateway / Hub: Open Ecosystem

Trust: 0.6

category:['home & office device']sub_category:smart home device

Trust: 0.1

category:['home & office device']sub_category:smart home controller

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-13143

AFFECTED PRODUCTS

vendor:insteonmodel:hubscope:eqversion:1012

Trust: 2.4

sources: CNVD: CNVD-2019-13143 // JVNDB: JVNDB-2017-014406 // NVD: CVE-2017-16254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16254
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-16254
value: HIGH

Trust: 1.0

NVD: CVE-2017-16254
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-13143
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-176
value: HIGH

Trust: 0.6

VULHUB: VHN-107158
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-16254
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-13143
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-107158
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16254
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-16254
baseSeverity: HIGH
baseScore: 8.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-16254
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-13143 // VULHUB: VHN-107158 // JVNDB: JVNDB-2017-014406 // CNNVD: CNNVD-201711-176 // NVD: CVE-2017-16254 // NVD: CVE-2017-16254

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-107158 // JVNDB: JVNDB-2017-014406 // NVD: CVE-2017-16254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-176

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-176

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014406

PATCH
title:Insteon Huburl:https://www.insteon.com/insteon-hub
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-014406

EXTERNAL IDS
db:NVDid:CVE-2017-16254
Trust: 3.2
db:TALOSid:TALOS-2017-0483
Trust: 3.1
db:JVNDBid:JVNDB-2017-014406
Trust: 0.8
db:CNNVDid:CNNVD-201711-176
Trust: 0.7
db:CNVDid:CNVD-2019-13143
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-107158
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2019-13143 // 
            
            
            
            VULHUB: VHN-107158 // 
            
            
            
            JVNDB: JVNDB-2017-014406 // 
            
            
            
            CNNVD: CNNVD-201711-176 // 
            
            
            
            NVD: CVE-2017-16254

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0483
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-16254
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16254
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0483
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2019-13143 // 
            
            
            
            VULHUB: VHN-107158 // 
            
            
            
            JVNDB: JVNDB-2017-014406 // 
            
            
            
            CNNVD: CNNVD-201711-176 // 
            
            
            
            NVD: CVE-2017-16254

CREDITS
Discovered by Claudio Bozzato of Cisco Talos.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-176

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2019-13143
db:VULHUBid:VHN-107158
db:JVNDBid:JVNDB-2017-014406
db:CNNVDid:CNNVD-201711-176
db:NVDid:CVE-2017-16254

LAST UPDATE DATE
2025-01-30T20:28:16.198000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-13143date:2019-05-07T00:00:00
db:VULHUBid:VHN-107158date:2022-12-09T00:00:00
db:JVNDBid:JVNDB-2017-014406date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201711-176date:2022-12-12T00:00:00
db:NVDid:CVE-2017-16254date:2024-11-21T03:16:07.100

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-13143date:2019-05-07T00:00:00
db:VULHUBid:VHN-107158date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2017-014406date:2019-04-26T00:00:00
db:CNNVDid:CNNVD-201711-176date:2017-10-31T00:00:00
db:NVDid:CVE-2017-16254date:2019-03-21T17:29:00.290