CVE-2018-11560 - Out-of-bounds Write vulnerability in Insteon 2864-222 Firmware

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, insteon, CWE-787

Summary

The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.

Vulnerable Configurations

Part      Description  Count
OS        Insteon      1
Hardware  Insteon      1

Common Weakness Enumeration (CWE)