Insteon Hub 2245-222 Firmware 1013
Approved changes feed: RSS · Atom
cpe:2.3:o:insteon:hub_2245-222_firmware:1013:*:*:*:*:*:*:*
part: o version: 1013 update: *
| Vendor | Insteon (7b3e838e-214f-5b6e-a9e1-be9bcbb5f079) |
|---|---|
| Product | Hub 2245 222 Firmware (801cbe93-8436-5476-a182-c16a5f50bc3d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-3833 |
vulnerable | 2026-06-08 05:11:41.325010 |
Details available
HIGH (8.6)
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image.
Published: 2018-08-23T14:00:00.000Z
Updated: 2024-09-17T02:26:41.031Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-3832 |
vulnerable | 2026-06-08 05:11:41.323572 |
Details available
CRITICAL (9.9)
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'.
Published: 2018-08-23T14:00:00.000Z
Updated: 2024-09-17T03:28:53.011Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.