CVE-2017-16253

Name of the Vulnerable Software and Affected Versions Insteon Hub 2245-222 version 1012

Description A buffer overflow vulnerability exists in the PubNub message handler of the Insteon Hub. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow, overwriting arbitrary data. An attacker can send an authenticated HTTP request to exploit this issue. The id key value is copied using strcpy to a 32-byte buffer, and sending a longer value will cause a buffer overflow.

Recommendations For Insteon Hub 2245-222 version 1012, as a temporary workaround, consider restricting access to the PubNub service until a patch is available. Avoid sending authenticated HTTP requests with long id key values to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.