PT-2018-6275 · Insteon · Insteon Hub
Published 2018-08-02 · Updated 2022-12-09 · CVE-2017-16346
CVSS v3.1: 9.9 (Critical)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Insteon Hub version 1012
Description:
The issue allows an authenticated attacker to trigger a buffer overflow with a single HTTP request. Specifically, the value of the `s_mac` key is copied into a 25-byte buffer with `strcpy`, with no length check. A value of 25 or more bytes overflows the buffer (strcpy also writes the terminating NUL), and the destination of the overflow can be shifted by the `sn_speaker` parameter, which accepts values between 0 and 3 and selects which buffer receives the copy.
Recommendations:
For Insteon Hub firmware version 1012, restrict access to the hub's HTTP interface to trusted networks and accounts until a patch is available: the request must be authenticated, so limiting who holds credentials and from where the hub is reachable reduces exposure. Note that both `s_mac` and `sn_speaker` are supplied by the attacker in the request; avoiding the `sn_speaker` parameter in your own clients does not prevent exploitation, since the overflow is caused by the overlong `s_mac` value and `sn_speaker` only changes where it lands. Only a firmware update that bounds the copy removes the issue.
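The pattern described above, as an added illustration that is not the Insteon firmware's code: a 25-byte slot chosen by `sn_speaker` is filled with `strcpy` from the attacker-controlled `s_mac` value, shown beside a hardened handler that validates the slot index and bounds the copy. The four-slot layout, the request struct and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example for the bug class in CVE-2017-16346, not the firmware's
 * own code. A 25-byte buffer is filled with strcpy() from the attacker-
 * controlled "s_mac" value; "sn_speaker" (0..3) selects which of four
 * adjacent buffers receives the copy. Layout and names are assumptions. */

#define MAC_BUF_LEN   25
#define SPEAKER_SLOTS 4

struct s_mac_request {
    const char *s_mac;      /* attacker-controlled string value     */
    int         sn_speaker; /* attacker-controlled slot index, 0..3 */
};

/* Vulnerable pattern: neither the string length nor the slot index is
 * checked. A long s_mac overflows mac[sn_speaker]; an out-of-range
 * sn_speaker moves the write outside the array. Shown for contrast only;
 * never call it with untrusted input. */
void handle_s_mac_vulnerable(const struct s_mac_request *req)
{
    char mac[SPEAKER_SLOTS][MAC_BUF_LEN];
    strcpy(mac[req->sn_speaker], req->s_mac);   /* BUG: unbounded copy */
    printf("vulnerable: slot %d = %s\n", req->sn_speaker, mac[req->sn_speaker]);
}

/* Storage for the hardened handler, kept at the same 25-byte slot size. */
static char g_mac[SPEAKER_SLOTS][MAC_BUF_LEN];

/* Hardened handler: rejects any slot index outside 0..SPEAKER_SLOTS-1 and
 * any value that would not fit together with its terminating NUL.
 * Returns 0 on success and -1 when the request is rejected. */
int handle_s_mac_hardened(const struct s_mac_request *req)
{
    if (req == NULL || req->s_mac == NULL)
        return -1;
    if (req->sn_speaker < 0 || req->sn_speaker >= SPEAKER_SLOTS)
        return -1;
    /* Look for the NUL within the buffer size only, so an overlong or
     * unterminated value is never scanned past the limit. */
    const char *nul = memchr(req->s_mac, '\0', MAC_BUF_LEN);
    if (nul == NULL)
        return -1;                      /* 25 or more bytes: would overflow */
    size_t len = (size_t)(nul - req->s_mac);
    memcpy(g_mac[req->sn_speaker], req->s_mac, len + 1);
    return 0;
}

/* Wrapper and accessor so the hardened behaviour can be checked directly. */
int try_s_mac(const char *s_mac, int sn_speaker)
{
    struct s_mac_request req = { s_mac, sn_speaker };
    return handle_s_mac_hardened(&req);
}

const char *slot_value(int sn_speaker)
{
    if (sn_speaker < 0 || sn_speaker >= SPEAKER_SLOTS)
        return NULL;
    return g_mac[sn_speaker];
}

int main(void)
{
    /* Constructed inputs: a well-formed MAC string and a 40-byte payload. */
    const char *ok  = "00:11:22:33:44:55";
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("ok,  slot 2 -> %d (%s)\n", try_s_mac(ok, 2), slot_value(2));
    printf("bad, slot 2 -> %d\n", try_s_mac(bad, 2));   /* rejected */
    printf("ok,  slot 4 -> %d\n", try_s_mac(ok, 4));    /* rejected */
    return 0;
}
```

The hardened version keeps the firmware's 25-byte slot size; the fix is the bounded length check and the index range check, not a larger buffer. A 24-byte value still fits (with its NUL), a 25-byte value is rejected, and slot indices outside 0..3 are rejected before any write happens.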
Weakness Enumeration
Buffer Overflow
Affected Products
Insteon Hub