CVE-2018-3925

🗓️ 23 Aug 2018 15:00:00Reported by talosType

cve🔗 web.nvd.nist.gov👁 109 Views🌐 WEB

CVE-2018-3925: Buffer overflow in Samsung SmartThings Hub STH-ETH-25

Reporter	Title	Published	Views	Family All 9
CNVD	Samsung SmartThings Hub video-core HTTP server buffer overflow vulnerability (CNVD-2018-14284)	31 Jul 201800:00	–	cnvd
Cvelist	CVE-2018-3925	23 Aug 201815:00	–	cvelist
EUVD	EUVD-2018-15711	7 Oct 202500:30	–	euvd
NVD	CVE-2018-3925	23 Aug 201815:29	–	nvd
OSV	CVE-2018-3925	23 Aug 201815:29	–	osv
Prion	Buffer overflow	23 Aug 201815:29	–	prion
seebug.org	Samsung SmartThings Hub video-core AWSELB Cookie Code Execution Vulnerability(CVE-2018-3925)	30 Jul 201800:00	–	seebug
Talos	Samsung SmartThings Hub video-core AWSELB Cookie Code Execution Vulnerability	26 Jul 201800:00	–	talos
Talos Blog	Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub	26 Jul 201808:06	–	talosblog

NVD

Vulners

Node

samsung sth-eth-250_firmwareMatch0.20.17

AND

samsung sth-eth-250Match-

[
  {
    "product": "SmartThings Hub STH-ETH-250",
    "vendor": "Samsung",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware version 0.20.17"
      }
    ]
  }
]

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2018-0591

Parameter	Position	Path	Description	CWE
streamClass	request body	cameras/<camera-id>/streams/hls1080p	PUT to /cameras/<camera-id>/streams/hls1080p used to initiate remote streaming; vulnerable cookie handling can overflow heap when processing AWSELB-related data	CWE-120
oauthToken	request body	cameras/<camera-id>/streams/hls1080p	PUT to /cameras/<camera-id>/streams/hls1080p used to initiate remote streaming; vulnerable cookie handling can overflow heap when processing AWSELB-related data	CWE-120

17 Jun 2026 01:58Current

9.6High risk

Vulners AI Score9.6

CVSS 29

CVSS 38.5 - 9.9

EPSS0.01475

CWE-119