CVE-2017-14443

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012

Description: An exploitable information leak issue exists due to the HTTP server implementation incorrectly checking the number of GET parameters supplied. This leads to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this issue.

Recommendations: For Insteon Hub version 1012, consider restricting access to the HTTP server until a patch is available. As a temporary workaround, avoid using the vulnerable HTTP endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.