cnvd - cnvd-2018-14950

CNVD-2018-14950

Vulnerability from cnvd - Published: 2018-08-09

Title

Insteon Hub拒绝服务漏洞

Description

Insteon Hub是美国Insteon公司的一款Insteon中央控制器产品。该产品可远程控制家中的灯泡、墙壁开关、空调等。使用1013版本固件的Insteon Hub中存在拒绝服务漏洞，该漏洞源于程序未能检测固件镜像的类别。攻击者可通过冒充远程服务器‘cache.insteon.com’并提供已签名的固件镜像利用该漏洞造成拒绝服务。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.insteon.com/insteon-hub

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-3834

Impacted products

Name
INSTEON Insteon Hub 1013

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3834",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3834"
    }
  },
  "description": "Insteon Hub\u662f\u7f8e\u56fdInsteon\u516c\u53f8\u7684\u4e00\u6b3eInsteon\u4e2d\u592e\u63a7\u5236\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u53ef\u8fdc\u7a0b\u63a7\u5236\u5bb6\u4e2d\u7684\u706f\u6ce1\u3001\u5899\u58c1\u5f00\u5173\u3001\u7a7a\u8c03\u7b49\u3002\r\n\r\n\u4f7f\u75281013\u7248\u672c\u56fa\u4ef6\u7684Insteon Hub\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u6d4b\u56fa\u4ef6\u955c\u50cf\u7684\u7c7b\u522b\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5192\u5145\u8fdc\u7a0b\u670d\u52a1\u5668\u2018cache.insteon.com\u2019\u5e76\u63d0\u4f9b\u5df2\u7b7e\u540d\u7684\u56fa\u4ef6\u955c\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Claudio Bozzato",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.insteon.com/insteon-hub",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14950",
  "openTime": "2018-08-09",
  "products": {
    "product": "INSTEON Insteon Hub 1013"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-3834",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-07",
  "title": "Insteon Hub\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-3834 (GCVE-0-2018-3834)

Vulnerability from cvelistv5 – Published: 2018-08-02 19:00 – Updated: 2024-08-05 04:57

Summary

An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image.

Severity ?

8.7 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE

Improper Access Control

Assigner

talos

References

URL

Tags

https://www.talosintelligence.com/vulnerability_r…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Insteon	Insteon	Affected: Insteon Hub 2245-222 - Firmware version 1013

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:57:23.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Insteon",
          "vendor": "Insteon",
          "versions": [
            {
              "status": "affected",
              "version": "Insteon Hub 2245-222 - Firmware version 1013"
            }
          ]
        }
      ],
      "datePublic": "2018-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:04:12",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-3834",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Insteon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Insteon Hub 2245-222 - Firmware version 1013"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Insteon"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.7,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2018-3834",
    "datePublished": "2018-08-02T19:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T04:57:23.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-14950

CVE-2018-3834 (GCVE-0-2018-3834)

Tags

Sightings

Nomenclature