VYPR
Unrated severity · NVD Advisory · Published Mar 21, 2019 · Updated Aug 5, 2024

CVE-2017-16253

Description

An exploitable buffer overflow vulnerability exists in the PubNub message handler for the cc channel of the Insteon Hub 2245-222 running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow that overwrites arbitrary data. An attacker can trigger it by sending an authenticated HTTP request. At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, so sending anything longer will cause a buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stack-based buffer overflow in the PubNub message handler of Insteon Hub 2245-222 firmware 1012 allows authenticated remote code execution via crafted commands.

Vulnerability

A stack-based buffer overflow vulnerability exists in the PubNub message handler of the Insteon Hub 2245-222 running firmware version 1012 [1]. Specifically, the handler for the cc channel at address 0x9d014dd8 copies the value of the id key using strcpy into a stack buffer at $sp+0x290 that is 32 bytes large [1]. Sending a command with an id value longer than 32 bytes overwrites adjacent stack memory [1].
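As an added example (not Insteon's firmware code; the message format, function names and return codes are assumptions), the unchecked strcpy pattern described in the Description and above, beside a bounded handler that measures the id value first and rejects anything that cannot fit in the 32-byte buffer with its terminator:

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define ID_BUF_SIZE 32   /* size of the stack buffer named in the advisory */

/* Mirrors the defect as described: the value is copied with strcpy and no
 * length check, so an id of 32 or more characters runs past the buffer.
 * Kept only for contrast; never called with untrusted input. */
static void copy_id_unsafe(char out[ID_BUF_SIZE], const char *id) {
    strcpy(out, id);
}

/* Hardened handler: locate the "id" value in a constructed PubNub-style
 * payload {"cmd":"...","id":"..."} (a stand-in, not the hub's real schema),
 * measure it, refuse anything that cannot fit with its terminator, and copy
 * with an explicit bound. Returns 0 on success, -1 if the id is too long,
 * -2 if the key is missing or the value is unterminated. */
int extract_id_safe(const char *msg, char out[ID_BUF_SIZE]) {
    const char *key = "\"id\":\"";
    const char *p = strstr(msg, key);
    if (!p) return -2;
    p += strlen(key);
    const char *end = strchr(p, '"');
    if (!end) return -2;
    size_t len = (size_t)(end - p);
    if (len >= ID_BUF_SIZE) {          /* no room for the NUL: reject */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, p, len);               /* bounded copy, never strcpy */
    out[len] = '\0';
    return 0;
}

int main(void) {
    char buf[ID_BUF_SIZE];
    /* constructed sample messages: a benign id and one over the limit */
    const char *ok  = "{\"cmd\":\"status\",\"id\":\"hub-01\"}";
    const char *bad = "{\"cmd\":\"status\",\"id\":\"" "AAAAAAAAAA"
                      "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "\"}";
    copy_id_unsafe(buf, "hub-01");     /* fits; the defect needs > 31 chars */
    printf("benign: %d (%s)\n", extract_id_safe(ok, buf), buf);
    printf("over-long: %d\n", extract_id_safe(bad, buf));
    return 0;
}
```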

Exploitation

An authenticated attacker can trigger this vulnerability by sending a specially crafted HTTP request through the PubNub service [1]. The attacker must first obtain valid credentials for the Insteon Hub's PubNub interface. The command is crafted to include an overly long id value that overwrites the stack buffer, potentially allowing control of the program's execution flow [1].

Impact

Successful exploitation allows an attacker to cause a stack-based buffer overflow, which can lead to arbitrary code execution on the device [1]. The CVSSv3 score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) indicates high impact on confidentiality, integrity, and availability, with a change in scope meaning the attacker can compromise resources beyond the vulnerable component [1].

Mitigation

Not yet disclosed in the available references. Insteon Hub firmware version 1012 is the affected version. No fixed version or workaround has been published as of the report date [1]. The device may be end-of-life or no longer supported; users should consider upgrading to a supported hub if available.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE: the mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1

News mentions: 0

No linked articles in our index yet.