CVE-2017-16348

Published: Aug 23, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability.

Affected (1)

Products: Insteon: Insteon Hub Firmware

1 product

Insteon Hub Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Insteon Insteon Hub Firmware	Version 1012

Running on/with	Platform Versions
Insteon Insteon Hub	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0485

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0485

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.