CVE-2017-5251

Published: Feb 22, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

Affected (1)

Products: Insteon: Insteon Hub Firmware

Insteon

1 product

Insteon Hub Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Insteon Insteon Hub Firmware	Up to 1012

Running on/with	Platform Versions
Insteon Insteon Hub	All versions

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CWE-311

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (2)

https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/

Source: cve@rapid7.com

Third Party Advisory

https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.