PT-2023-10531 · Unknown · Insteon Hub

Published 2023-01-11 · Updated 2023-01-20 · CVE-2017-14454

CVSS v3.1: 8.5 High
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012

Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "control" channel. Specially crafted replies received from the PubNub service can cause buffer overflows in a global section, overwriting arbitrary data. To trigger this vulnerability, an attacker would need to impersonate PubNub and answer an HTTPS GET request from the hub. The strcpy function overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes.

Recommendations: As a temporary workaround, consider disabling the strcpy function or restricting the use of the `insteon_pubnub.channel_al` buffer until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
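The hardened counterpart of the unbounded copy described above, as an added example that is not Insteon's firmware code: a constructed global state with a 16-byte `channel_al` field that is written only through a bounded setter, so a PubNub reply whose channel value would not fit is rejected instead of overwriting neighbouring data. The struct layout, the helper names and the minimal `"channel":"<name>"` reply format are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the global PubNub state named in the advisory:
 * the channel field is 16 bytes, so at most 15 characters plus NUL fit. */
#define CHANNEL_AL_SIZE 16

struct insteon_pubnub_state {
    char channel_al[CHANNEL_AL_SIZE];
    int  subscribed;  /* neighbouring field an overflow would clobber */
};

static struct insteon_pubnub_state insteon_pubnub;

/* Bounded replacement for strcpy: returns 0 on success, -1 if the value
 * would not fit. Never writes past channel_al and always NUL-terminates. */
int set_channel_al(const char *value)
{
    const char *nul = memchr(value, '\0', CHANNEL_AL_SIZE);
    if (!nul)
        return -1;  /* no terminator within 16 bytes: too long, reject */
    memcpy(insteon_pubnub.channel_al, value, (size_t)(nul - value) + 1);
    return 0;
}

/* Extract the value of "channel" from a constructed reply such as
 * {"channel":"control"} and store it through the bounded setter.
 * Returns 0 on success, -1 if the field is missing or too long. */
int handle_control_reply(const char *reply)
{
    static const char key[] = "\"channel\":\"";
    const char *start = strstr(reply, key);
    if (!start) return -1;
    start += sizeof key - 1;
    const char *end = strchr(start, '"');
    if (!end) return -1;
    size_t len = (size_t)(end - start);
    if (len >= CHANNEL_AL_SIZE) return -1;  /* reject before any copy */
    char tmp[CHANNEL_AL_SIZE];
    memcpy(tmp, start, len);
    tmp[len] = '\0';
    return set_channel_al(tmp);
}

const char *current_channel_al(void) { return insteon_pubnub.channel_al; }
```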

Weakness Enumeration: Buffer Overflow

Related Identifiers: CVE-2017-14454

Affected Products:
Insteon Hub
Pubnub