Insteon Hub Firmware 1013
Approved changes feed: RSS · Atom
cpe:2.3:o:insteon:hub_firmware:1013:*:*:*:*:*:*:*
part: o version: 1013 update: *
| Vendor | Insteon (7b3e838e-214f-5b6e-a9e1-be9bcbb5f079) |
|---|---|
| Product | Hub Firmware (dba80978-15ad-50f7-b487-f6a77c3c7c50) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-3834 |
vulnerable | 2026-06-08 05:11:41.326804 |
Details available
HIGH (8.7)
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image.
Published: 2018-08-02T19:00:00.000Z
Updated: 2024-08-05T04:57:23.574Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.