Arbitrarily Controlled Information Leak in Insteon Hub Firmware 1012

Arbitrarily Controlled Information Leak in Insteon Hub Firmware 1012

CVE-2017-14443 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability.

Learn more about our Cis Benchmark Audit For Server Software.