Lucene search

[email protected]NVD:CVE-2018-3911

HistoryAug 23, 2018 - 10:29 p.m.

CVE-2018-3911

2018-08-2322:29:00

CWE-113

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings’ remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability.

Affected configurations

NVD

Node

samsungsth-eth-250_firmwareMatch0.20.17

AND

samsungsth-eth-250Match-

References

talosintelligence.com/vulnerability_reports/TALOS-2018-0578

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for NVD:CVE-2018-3911

prion1 talos1 cve1 cvelist1 seebug1 threatpost1 talosblog1