{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:16:36.009","vulnerabilities":[{"cve":{"id":"CVE-2017-14454","sourceIdentifier":"talos-cna@cisco.com","published":"2023-01-12T00:15:08.627","lastModified":"2024-11-21T03:12:49.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the \"control\" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes."},{"lang":"es","value":"Existen múltiples vulnerabilidades de desbordamiento de búfer explotables en el controlador de mensajes PubNub para el canal de \"control\" de Insteon Hub que ejecuta la versión de firmware 1012. Las respuestas especialmente manipuladas recibidas del servicio PubNub pueden causar desbordamientos de búfer en una sección global que sobrescribe datos arbitrarios. Un atacante debería hacerse pasar por PubNub y responder a una solicitud HTTPS GET para activar esta vulnerabilidad. El `strcpy` en [18] desborda el buffer `insteon_pubnub.channel_al`, que tiene un tamaño de 16 bytes."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*","matchCriteriaId":"17F98B37-72C0-48A5-A4E2-12327F48327E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*","matchCriteriaId":"951165BE-0AC1-4690-8B36-E402CA0197FB"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502","source":"talos-cna@cisco.com","tags":["Technical Description","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}}]}