CVE-2017-16344 Information
Description
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large; sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
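The class of fix for the copy described above is to validate both the slot selector and the value length before writing. The following is an added example, not the Insteon firmware's code: the function name `set_s_url`, the result codes, and the one-16-byte-buffer-per-speaker layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SPEAKER_SLOTS 4  /* sn_speaker accepts "0".."3", per the description */
#define S_URL_SIZE    16 /* destination buffer size, per the description */

enum { SET_OK = 0, SET_BAD_SLOT = -1, SET_BAD_VALUE = -2 };

/* Assumed layout: one 16-byte s_url buffer per speaker slot. */
static char s_url_slots[SPEAKER_SLOTS][S_URL_SIZE];

/* Hypothetical bounded setter: checks the slot selector and the value
 * length before writing, instead of an unchecked strcpy(). */
int set_s_url(const char *sn_speaker, const char *s_url)
{
    /* Accept exactly one ASCII digit '0'..'3'; reject everything else. */
    if (sn_speaker == NULL || sn_speaker[0] < '0' ||
        sn_speaker[0] > '0' + SPEAKER_SLOTS - 1 || sn_speaker[1] != '\0')
        return SET_BAD_SLOT;
    if (s_url == NULL)
        return SET_BAD_VALUE;

    /* Measure the value without reading past S_URL_SIZE bytes. */
    size_t len = 0;
    while (len < S_URL_SIZE && s_url[len] != '\0')
        len++;
    if (len == S_URL_SIZE) /* no room left for the terminating NUL */
        return SET_BAD_VALUE;

    /* Copy the string and its terminator; nothing outside the slot changes. */
    memcpy(s_url_slots[sn_speaker[0] - '0'], s_url, len + 1);
    return SET_OK;
}

int main(void)
{
    /* Constructed sample values, not taken from a real device. */
    printf("%d\n", set_s_url("1", "10.0.0.5/stream"));  /* 15 chars: fits */
    printf("%d\n", set_s_url("1", "10.0.0.50/stream")); /* 16 chars: rejected */
    printf("%d\n", set_s_url("7", "10.0.0.5/stream"));  /* selector out of range */
    printf("slot 1 = %s\n", s_url_slots[1]);
    return 0;
}
```

Rejecting an over-long value outright, rather than truncating it, keeps a shortened URL from being stored silently.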
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Reference
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0484
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.9