cvelistv5 - cve-2018-3834

CVE-2018-3834 (GCVE-0-2018-3834)

Vulnerability from cvelistv5 – Published: 2018-08-02 19:00 – Updated: 2024-08-05 04:57

Summary

An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image.

Severity ?

8.7 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE

Improper Access Control

Assigner

talos

References

URL

Tags

https://www.talosintelligence.com/vulnerability_r…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Insteon	Insteon	Affected: Insteon Hub 2245-222 - Firmware version 1013

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:57:23.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Insteon",
          "vendor": "Insteon",
          "versions": [
            {
              "status": "affected",
              "version": "Insteon Hub 2245-222 - Firmware version 1013"
            }
          ]
        }
      ],
      "datePublic": "2018-06-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:04:12",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-3834",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Insteon",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Insteon Hub 2245-222 - Firmware version 1013"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Insteon"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.7,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2018-3834",
    "datePublished": "2018-08-02T19:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T04:57:23.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:insteon:hub_firmware:1013:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9346658D-BCB4-4DB7-A80F-41ACFB6AA4D1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"951165BE-0AC1-4690-8B36-E402CA0197FB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \\\"cache.insteon.com\\\" and serve a signed firmware image.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad explotable de denegaci\\u00f3n de servicio (DoS) permanente en Insteon Hub, con la versi\\u00f3n 1013 de firmware. La funcionalidad de actualizaci\\u00f3n de firmware, desencadenada por medio de PubNub, recupera binarios firmados del firmware mediante peticiones HTTP planas. El dispositivo no comprueba el tipo de imagen de firmware que se va a instalar, lo que permite que se \\\"flashee\\\" cualquier firmware firmado en cualquier MCU. Ya que el dispositivo contiene MCU diferentes e incompatibles, flashear uno en el MCU equivocado resultar\\u00e1 en un bloqueo permanente. Para desencadenar esta vulnerabilidad, un atacante debe suplantar el servidor remoto \\\"cache.insteon.com\\\" y servir una imagen de firmware firmada.\"}]",
      "id": "CVE-2018-3834",
      "lastModified": "2024-11-21T04:06:08.107",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}], \"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.8}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 7.8, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-08-02T19:29:00.983",
      "references": "[{\"url\": \"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-346\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-3834\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2018-08-02T19:29:00.983\",\"lastModified\":\"2024-11-21T04:06:08.107\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \\\"cache.insteon.com\\\" and serve a signed firmware image.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad explotable de denegaci\u00f3n de servicio (DoS) permanente en Insteon Hub, con la versi\u00f3n 1013 de firmware. La funcionalidad de actualizaci\u00f3n de firmware, desencadenada por medio de PubNub, recupera binarios firmados del firmware mediante peticiones HTTP planas. El dispositivo no comprueba el tipo de imagen de firmware que se va a instalar, lo que permite que se \\\"flashee\\\" cualquier firmware firmado en cualquier MCU. Ya que el dispositivo contiene MCU diferentes e incompatibles, flashear uno en el MCU equivocado resultar\u00e1 en un bloqueo permanente. Para desencadenar esta vulnerabilidad, un atacante debe suplantar el servidor remoto \\\"cache.insteon.com\\\" y servir una imagen de firmware firmada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.8}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":7.8,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:insteon:hub_firmware:1013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9346658D-BCB4-4DB7-A80F-41ACFB6AA4D1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"951165BE-0AC1-4690-8B36-E402CA0197FB\"}]}]}],\"references\":[{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
  }
}

VAR-201808-0890

Vulnerability from variot - Updated: 2023-12-18 13:28

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0890",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hub",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "insteon",
        "version": "1013"
      },
      {
        "model": "hub",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "insteon",
        "version": "firmware  1013"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:insteon:hub_firmware:1013:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      }
    ]
  },
  "cve": "CVE-2018-3834",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-3834",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2018-14950",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-133865",
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 5.8,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.4,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-3834",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-3834",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2018-3834",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-14950",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-063",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-133865",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-3834",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133865"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image. InsteonHub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home. Insteon Hub is an Insteon central controller product of Insteon Company in the United States",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133865"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3834"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-3834",
        "trust": 3.2
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0513",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-063",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-97366",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-133865",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3834",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133865"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ]
  },
  "id": "VAR-201808-0890",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133865"
      }
    ],
    "trust": 1.3825397
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": "Gateway / Hub: Open Ecosystem",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:28:48.504000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Insteon Hub",
        "trust": 0.8,
        "url": "https://www.insteon.com/insteon-hub"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2018-3834 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-3834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-346",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-133865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0513"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3834"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3834"
      },
      {
        "trust": 0.6,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0513"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/346.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2018-3834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133865"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133865"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-3834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "date": "2018-08-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-133865"
      },
      {
        "date": "2018-08-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-3834"
      },
      {
        "date": "2018-11-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "date": "2018-08-02T19:29:00.983000",
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "date": "2018-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-14950"
      },
      {
        "date": "2023-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-133865"
      },
      {
        "date": "2023-02-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-3834"
      },
      {
        "date": "2018-11-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      },
      {
        "date": "2023-02-03T18:42:42.987000",
        "db": "NVD",
        "id": "CVE-2018-3834"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Insteon Hub Firmware access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008947"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-063"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-3834

Vulnerability from fkie_nvd - Published: 2018-08-02 19:29 - Updated: 2024-11-21 04:06

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Summary

References

	URL	Tags
	talos-cna@cisco.com	https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513	Exploit, Technical Description, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513	Exploit, Technical Description, Third Party Advisory

Impacted products

	Vendor	Product	Version
	insteon	hub_firmware	1013
	insteon	hub	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:insteon:hub_firmware:1013:*:*:*:*:*:*:*",
              "matchCriteriaId": "9346658D-BCB4-4DB7-A80F-41ACFB6AA4D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "951165BE-0AC1-4690-8B36-E402CA0197FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad explotable de denegaci\u00f3n de servicio (DoS) permanente en Insteon Hub, con la versi\u00f3n 1013 de firmware. La funcionalidad de actualizaci\u00f3n de firmware, desencadenada por medio de PubNub, recupera binarios firmados del firmware mediante peticiones HTTP planas. El dispositivo no comprueba el tipo de imagen de firmware que se va a instalar, lo que permite que se \"flashee\" cualquier firmware firmado en cualquier MCU. Ya que el dispositivo contiene MCU diferentes e incompatibles, flashear uno en el MCU equivocado resultar\u00e1 en un bloqueo permanente. Para desencadenar esta vulnerabilidad, un atacante debe suplantar el servidor remoto \"cache.insteon.com\" y servir una imagen de firmware firmada."
    }
  ],
  "id": "CVE-2018-3834",
  "lastModified": "2024-11-21T04:06:08.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.8,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-02T19:29:00.983",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-346"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9HRJ-7J37-G424

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02

Details

Severity ?

7.4 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-3834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-346"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-02T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image.",
  "id": "GHSA-9hrj-7j37-g424",
  "modified": "2022-05-13T01:02:08Z",
  "published": "2022-05-13T01:02:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3834"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-3834

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-3834

Aliases

CVE-2018-3834

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-3834",
    "description": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image.",
    "id": "GSD-2018-3834"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-3834"
      ],
      "details": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image.",
      "id": "GSD-2018-3834",
      "modified": "2023-12-13T01:22:43.426981Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "ID": "CVE-2018-3834",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Insteon",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Insteon Hub 2245-222 - Firmware version 1013"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Insteon"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 8.7,
          "baseSeverity": "High",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513",
            "refsource": "MISC",
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:insteon:hub_firmware:1013:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-3834"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn\u0027t check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server \"cache.insteon.com\" and serve a signed firmware image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-346"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0513"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 7.8,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-02-03T18:42Z",
      "publishedDate": "2018-08-02T19:29Z"
    }
  }
}

CNVD-2018-14950

Vulnerability from cnvd - Published: 2018-08-09

Title

Insteon Hub拒绝服务漏洞

Description

Insteon Hub是美国Insteon公司的一款Insteon中央控制器产品。该产品可远程控制家中的灯泡、墙壁开关、空调等。使用1013版本固件的Insteon Hub中存在拒绝服务漏洞，该漏洞源于程序未能检测固件镜像的类别。攻击者可通过冒充远程服务器‘cache.insteon.com’并提供已签名的固件镜像利用该漏洞造成拒绝服务。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.insteon.com/insteon-hub

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-3834

Impacted products

Name
INSTEON Insteon Hub 1013

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3834",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3834"
    }
  },
  "description": "Insteon Hub\u662f\u7f8e\u56fdInsteon\u516c\u53f8\u7684\u4e00\u6b3eInsteon\u4e2d\u592e\u63a7\u5236\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u53ef\u8fdc\u7a0b\u63a7\u5236\u5bb6\u4e2d\u7684\u706f\u6ce1\u3001\u5899\u58c1\u5f00\u5173\u3001\u7a7a\u8c03\u7b49\u3002\r\n\r\n\u4f7f\u75281013\u7248\u672c\u56fa\u4ef6\u7684Insteon Hub\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u6d4b\u56fa\u4ef6\u955c\u50cf\u7684\u7c7b\u522b\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5192\u5145\u8fdc\u7a0b\u670d\u52a1\u5668\u2018cache.insteon.com\u2019\u5e76\u63d0\u4f9b\u5df2\u7b7e\u540d\u7684\u56fa\u4ef6\u955c\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Claudio Bozzato",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.insteon.com/insteon-hub",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14950",
  "openTime": "2018-08-09",
  "products": {
    "product": "INSTEON Insteon Hub 1013"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-3834",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-07",
  "title": "Insteon Hub\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-3834 (GCVE-0-2018-3834)

VAR-201808-0890

FKIE_CVE-2018-3834

GHSA-9HRJ-7J37-G424

GSD-2018-3834

CNVD-2018-14950

Tags

Sightings

Nomenclature