VYPR

Hub

by Insteon

CVEs (113)

  • CVE-2017-14452HigAug 23, 2018
    risk 0.55cvss 8.5epss 0.01

    An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting…

  • CVE-2017-14455HigAug 23, 2018
    risk 0.55cvss 8.5epss 0.02

    On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this…

  • CVE-2017-14453HigAug 23, 2018
    risk 0.55cvss 8.5epss 0.01

    On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this…

  • CVE-2017-14447HigAug 6, 2018
    risk 0.55cvss 8.5epss 0.01

    An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An…

  • CVE-2017-16255HigMar 21, 2019
    risk 0.53cvss 8.1epss 0.01

    An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an…

  • CVE-2017-16254HigMar 21, 2019
    risk 0.53cvss 8.1epss 0.01

    An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an…

  • CVE-2017-16253HigMar 21, 2019
    risk 0.53cvss 8.1epss 0.01

    An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based…

  • CVE-2017-16252HigAug 6, 2018
    risk 0.53cvss 8.1epss 0.01

    Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the…

  • CVE-2017-5251HigFeb 22, 2018
    risk 0.53cvss 8.1epss 0.01

    In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

  • CVE-2018-3833HigAug 23, 2018
    risk 0.49cvss 7.5epss 0.01

    An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is…

  • CVE-2017-16348HigAug 23, 2018
    risk 0.49cvss 7.5epss 0.02

    An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability.

  • CVE-2018-3834HigAug 2, 2018
    risk 0.48cvss 7.4epss 0.01

    An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware…

  • CVE-2017-14443MedSep 17, 2018
    risk 0.42cvss 6.5epss 0.02

    An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An…

Page 6 of 6