CVE-2017-14453

Name of the Vulnerable Software and Affected Versions: Insteon Hub 2245-222 version 1012

Description: The issue arises from specially crafted replies received from the PubNub service, which can cause buffer overflows on a global section, overwriting arbitrary data. An attacker must impersonate PubNub and answer an HTTPS GET request to trigger this issue. Specifically, a strcpy overflows the buffer insteon pubnub.channel ad r, which has a size of 16 bytes, by sending an arbitrarily long "ad r" parameter.

Recommendations: For Insteon Hub 2245-222 version 1012, as a temporary workaround, consider restricting access to the PubNub service until a patch is available. Avoid using the "ad r" parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.