CVE-2017-16260
CVSS V2 None
CVSS V3 None
Description
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_auth, at 0x9d015478, the value for the `pwd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
Overview
- CVE ID
- CVE-2017-16260
- Assigner
- talos-cna@cisco.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-01-11T22:15:09
- Last Modified Date
- 2023-01-23T17:04:50
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:* | 0 | OR |
References
Reference URL | Reference Tags |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2017-16260 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16260 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-01-12 05:18:02 | Added to TrackCVE | |||
2023-01-12 05:18:03 | Weakness Enumeration | new | ||
2023-01-12 14:15:17 | 2023-01-12T13:56:20 | CVE Modified Date | updated | |
2023-01-12 14:15:17 | Received | Awaiting Analysis | Vulnerability Status | updated |
2023-01-12 14:15:21 | CVSS V3 information | new | ||
2023-01-17 13:15:21 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
2023-01-17 13:15:24 | CVSS V3 information | new | ||
2023-01-20 01:13:57 | 2023-01-20T01:01:46 | CVE Modified Date | updated | |
2023-01-20 01:13:57 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
2023-01-20 01:13:58 | Weakness Enumeration | update | ||
2023-01-20 01:13:59 | CPE Information | updated | ||
2023-01-20 01:13:59 | CVSS V3 information | new | ||
2023-01-23 17:13:45 | 2023-01-23T17:04:50 | CVE Modified Date | updated | |
2023-01-23 17:13:48 | CVSS V3 information | new |