CVE-2017-14443
Summary
| CVE | CVE-2017-14443 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-17 17:29:00 UTC |
| Updated | 2022-12-14 16:13:00 UTC |
| Description | An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Insteon | Hub 2245-222 | - | All | All | All |
| Hardware | Insteon | Hub 2245-222 | - | All | All | All |
| Operating System | Insteon | Hub 2245-222 Firmware | 1012 | All | All | All |
| Operating System | Insteon | Hub 2245-222 Firmware | 1012 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TALOS-2017-0492 - Cisco Talos | MISC | www.talosintelligence.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.