CVE-2017-16292 HIGH

CVE-2017-16292

Vendor Insteon

Product Hub

Weakness CWE-121

Published January 11, 2023

Last update April 8, 2025

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_schd, at 0x9d019c50, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow.

Key dates

02Disclosure timeline

January 11, 2023 CVE published

April 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-16292 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/121.html

Related vulnerabilities

04Related CVE

CVE-2021-34704 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability CVE-2023-41028 Juplink RX4-1500 Stack-based Buffer Overflow Vulnerability CVE-2023-26390 ZDI-CAN-20255: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability CVE-2024-39880 Stack-based Buffer Overflow in Delta Electronics CNCSoft-G2 CVE-2023-50734 A vulnerability has been identified in the PostScript interpreter in various Lexmark devices.