CVE-2017-16337

Name of the Vulnerable Software and Affected Versions: Insteon Hub 2245-222 version 1012

Description: The issue is caused by a stack-based buffer overflow that can be triggered by sending specially crafted commands through the PubNub service. This can overwrite arbitrary data. An attacker needs to send an authenticated HTTP request to exploit this issue. The vulnerability occurs when the value for the s offset key is copied using strcpy to a buffer at $sp+0x2b0, which is 32 bytes large. Sending data longer than 32 bytes will cause a buffer overflow.

Recommendations: For Insteon Hub 2245-222 version 1012, at the moment, there is no information about a newer version that contains a fix for this vulnerability.