CVE-2017-16324

Name of the Vulnerable Software and Affected Versions Insteon Hub version 1012

Description The issue concerns a buffer overflow vulnerability in the PubNub message handler for the "cc" channel. It can be triggered by sending specially crafted commands through the PubNub service, causing a stack-based buffer overflow that overwrites arbitrary data. This requires an authenticated HTTP request. Specifically, in the cmd s sonos, the value for the s group vol key is copied to a 32-byte buffer using strcpy. Sending data longer than 32 bytes will cause a buffer overflow.

Recommendations For Insteon Hub version 1012, consider restricting access to the PubNub message handler for the "cc" channel until a patch is available. As a temporary workaround, avoid using the cmd s sonos command with long input for the s group vol key to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.