GCVE - cpe:2.3:a:insteon:insteon_hub_2245-222:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:insteon:insteon_hub_2245-222:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Insteon (`7b3e838e-214f-5b6e-a9e1-be9bcbb5f079`)
Product	Insteon Hub 2245 222 (`92e0abe1-20bc-59dd-8a31-b8944d2d8ab3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-16337`	vulnerable	2026-06-08 05:09:00.356638	Details available HIGH (8.5) On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. Published: 2018-08-23T15:00:00.000Z Updated: 2024-09-16T18:55:33.214Z Open on db.gcve.eu Reference links https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14455`	vulnerable	2026-06-08 05:08:49.975911	Details available HIGH (8.5) On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability. Published: 2018-08-23T15:00:00.000Z Updated: 2024-09-17T00:11:16.184Z Open on db.gcve.eu Reference links https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14453`	vulnerable	2026-06-08 05:08:49.973866	Details available HIGH (8.5) On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability. Published: 2018-08-23T15:00:00.000Z Updated: 2024-09-16T20:47:59.330Z Open on db.gcve.eu Reference links https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14452`	vulnerable	2026-06-08 05:08:49.973432	Details available HIGH (8.5) An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. Published: 2018-08-23T18:00:00.000Z Updated: 2024-09-17T04:28:50.538Z Open on db.gcve.eu Reference links https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.