CVE-2017-16338

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012

Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. This occurs because the value for the host key is copied using strcpy to a buffer at 0xa00016e0, which is 32 bytes large. Sending a value longer than 32 bytes will cause the buffer overflow.

Recommendations: For Insteon Hub version 1012, as a temporary workaround, consider restricting access to the vulnerable HTTP endpoint until a patch is available. Avoid sending authenticated HTTP requests with a host key value longer than 32 bytes to prevent the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.