CVE-2017-14443

Published: Sep 17, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.

Affected (1)

Products: Insteon: Hub 2245 222 Firmware

1 product

Hub 2245 222 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Insteon Hub 2245 222 Firmware	Version 1012

Running on/with	Platform Versions
Insteon Hub 2245 222	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.