CVE-2017-16255

Name of the Vulnerable Software and Affected Versions Insteon Hub 2245-222 version 1012

Description A buffer overflow vulnerability exists in the PubNub message handler. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow, overwriting arbitrary data. An attacker can send an authenticated HTTP request. The value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280, which is 16 bytes large.

Recommendations For Insteon Hub 2245-222 version 1012, consider disabling the PubNub message handler until a patch is available. Restrict access to the cmd1 key to minimize the risk of exploitation. Avoid using the cmd1 key in authenticated HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.