CVE-2017-14452

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012

Description: A buffer overflow issue exists in the PubNub message handler for the "control" channel. Specially crafted replies from the PubNub service can cause buffer overflows, overwriting arbitrary data. The insteon pubnub.channel cc r buffer, which has a size of 16 bytes, can be overflowed using a c r parameter of arbitrary length. An attacker can exploit this by impersonating PubNub and responding to an HTTPS GET request.

Recommendations: For Insteon Hub version 1012, consider restricting access to the PubNub message handler until a patch is available. As a temporary workaround, avoid using the c r parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.