{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T09:17:46.690","vulnerabilities":[{"cve":{"id":"CVE-2017-16254","sourceIdentifier":"talos-cna@cisco.com","published":"2019-03-21T17:29:00.290","lastModified":"2024-11-21T03:16:07.100","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow."},{"lang":"es","value":"Existe una vulnerabilidad explotable de desbordamiento de búfer en el manejador de mensajes PubNub de Insteon Hub 2245-222, en la versión de firmware 1012. Los comandos especialmente manipulados enviados a través del servicio PubNub pueden provocar un desbordamiento de búfer basado en pila que sobrescribe datos arbitrarios. Un atacante puede enviar una petición HTTP autenticada en 0x9d014e4c, donde se copia el valor para la clave flg mediante strcpy al búfer en $sp+0x270. Este búfer tiene una longitud de 16 bytes; el envío de algo mayor provocará un desbordamiento de búfer."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*","matchCriteriaId":"17F98B37-72C0-48A5-A4E2-12327F48327E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:insteon:hub:2245-222:-:*:*:*:*:*:*","matchCriteriaId":"F075DC32-C386-4B3D-88AA-A56D9D4B4E54"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}