CVE-2017-16340

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012

Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, at memory address 0x9d01c0e8, the value for the s dport key is copied using strcpy to a buffer at 0xa000180c. This buffer is 6 bytes large, and sending a value longer than this will cause a buffer overflow.

Recommendations: For Insteon Hub version 1012, as a temporary workaround, consider restricting access to authenticated HTTP requests until a patch is available. Avoid sending values longer than 6 bytes for the s dport key to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.