CVE-2018-11560 - Out-of-bounds Write vulnerability in Insteon 2864-222 Firmware

047910
CVSS 9.8 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, insteon, CWE-787, critical

Summary

The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.

Vulnerable Configurations

Part        Description    Count
OS          Insteon        1
Hardware    Insteon        1

Common Weakness Enumeration (CWE)