{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T04:19:09.380","vulnerabilities":[{"cve":{"id":"CVE-2017-14443","sourceIdentifier":"talos-cna@cisco.com","published":"2018-09-17T17:29:00.267","lastModified":"2024-11-21T03:12:48.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de fuga de información en Insteon Hub, con la versión 1012 de firmware. La implementación del servidor HTTP comprueba de forma incorrecta el número de parámetros GET proporcionados, lo que conduce a una fuga de información controlada de forma arbitraria en toda la memoria del dispositivo. Un atacante puede enviar una petición HTTP autenticada para provocar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:insteon:hub_2245-222_firmware:1012:*:*:*:*:*:*:*","matchCriteriaId":"2532FA22-D435-47E6-8DFA-47377B1959D6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:insteon:hub_2245-222:-:*:*:*:*:*:*:*","matchCriteriaId":"150E9049-5523-4BC3-A5A5-473B6D320B68"}]}]}],"references":[{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}