CVE-2017-16254

Name of the Vulnerable Software and Affected Versions Insteon Hub 2245-222 version 1012

Description A buffer overflow issue exists in the PubNub message handler. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow, overwriting arbitrary data. An attacker can send an authenticated HTTP request, and the value for the flg key is copied using strcpy to a buffer. This buffer is 16 bytes large, and sending anything longer will cause a buffer overflow.

Recommendations For Insteon Hub 2245-222 version 1012, as a temporary workaround, consider restricting access to the PubNub service until a patch is available. Avoid sending authenticated HTTP requests with long values for the flg key to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.