CVE-2017-16252

Name of the Vulnerable Software and Affected Versions: Insteon Hub 2245-222 version 1012

Description: The issue arises from specially crafted commands sent through the PubNub service, which can cause a stack-based buffer overflow, overwriting arbitrary data. This is triggered by sending an authenticated HTTP request. Specifically, at memory address 0x9d014cc0, the value for the cmd key is copied using strcpy to a buffer located at $sp+0x11c, which is 20 bytes large. Sending data longer than this buffer size will cause a buffer overflow.

Recommendations: For Insteon Hub 2245-222 version 1012, as a temporary workaround, consider restricting access to the PubNub service until a patch is available. Avoid using the cmd key in authenticated HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.