» 2018 » 8월

CVE-2017-16337

Posted on 2018년 8월 24일2018년 8월 24일 by admin

CVE-2017-16337

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.

Source: CVE-2017-16337

CVE-2017-14453

Posted on 2018년 8월 24일2018년 8월 24일 by admin

CVE-2017-14453

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability.

Source: CVE-2017-14453

CVE-2017-14455

Posted on 2018년 8월 24일2018년 8월 24일 by admin

CVE-2017-14455

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability.

Source: CVE-2017-14455

CVE-2018-3863

Posted on 2018년 8월 24일2018년 8월 24일 by admin

CVE-2018-3863

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability.

Source: CVE-2018-3863

CVE-2018-3867

Posted on 2018년 8월 24일2018년 8월 24일 by admin

CVE-2018-3867

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core’s HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.

Source: CVE-2018-3867

CVE-2018-3878

Posted on 2018년 8월 24일2018년 8월 24일 by admin

CVE-2018-3878

Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.

Source: CVE-2018-3878

CVE-2018-3879

Posted on 2018년 8월 24일2018년 8월 24일 by admin

CVE-2018-3879

An exploitable JSON injection vulnerability exists in the credentials handler of video-core’s HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability.

Source: CVE-2018-3879

CVE-2018-3833

Posted on 2018년 8월 23일2018년 8월 24일 by admin

CVE-2018-3833

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn’t check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server ‘cache.insteon.com’ and serve any signed firmware image.

Source: CVE-2018-3833

CVE-2018-3832

Posted on 2018년 8월 23일2018년 8월 24일 by admin

CVE-2018-3832

An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the ‘/mpfsupload’ HTTP form and later on upload the firmware via a POST request to ‘firmware.htm’.

Source: CVE-2018-3832

CVE-2017-16348

Posted on 2018년 8월 23일2018년 8월 24일 by admin

CVE-2017-16348

An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability.

Source: CVE-2017-16348