CVE-2017-14443

An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:insteon:hub_2245-222_firmware:1012:*:*:*:*:*:*:*
cpe:2.3:h:insteon:hub_2245-222:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:12

Type Values Removed Values Added
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492 - Exploit, Third Party Advisory () https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492 - Exploit, Third Party Advisory

Information

Published : 2018-09-17 17:29

Updated : 2024-11-21 03:12


NVD link : CVE-2017-14443

Mitre link : CVE-2017-14443

CVE.ORG link : CVE-2017-14443


JSON object : View

Products Affected

insteon

  • hub_2245-222_firmware
  • hub_2245-222
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor