CVE-2018-3832 Information
Feb 14, 2021
Description
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the ‘/mpfsupload’ HTTP form and later upload the firmware via a POST request to ‘firmware.htm’.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/144976
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0511
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.0
Base Severity
HIGH