38 matches found
CVE-2018-3874
CVE-2018-3874 (Samsung SmartThings Hub STH-ETH-250) : The video-core HTTP server credentials handler accepts a JSON payload and copies parameters using strncpy into a 32-byte stack buffer. The length is taken from the source string itself, which is user-controlled, enabling a stack-based buffer o...
CVE-2018-3874
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...
PT-2018-16269 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17 Description: A buffer overflow issue exists in the credentials handler of the video-core's HTTP server. The strncpy function overflows a destination buffer of 64 bytes. An attacker...
PT-2018-16267 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17 Description: A buffer overflow issue exists in the credentials handler of the video-core's HTTP server. The strncpy function overflows a destination buffer of size 32 bytes. This ca...
PT-2018-16270 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17 Description: A buffer overflow issue exists in the credentials handler of the video-core's HTTP server. The strncpy function overflows the destination buffer, which has a size of 16...
PT-2018-16266 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17 Description: A buffer overflow issue exists in the credentials handler of the video-core's HTTP server. The strncpy function overflows a destination buffer of 128 bytes. An attacker...
CVE-2018-3875
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the...
Buffer overflow
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the...
PT-2018-16268 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17 Description: A buffer overflow issue exists in the credentials handler of the video-core's HTTP server. The video-core process incorrectly handles fields from a user-controlled JSON...
CVE-2018-3872
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer...
CVE-2018-3879
An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...
CVE-2018-3878
Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buff...
PT-2018-16271 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: The issue is related to multiple exploitable buffer overflow vulnerabilities in the credentials handler of the video-core's HTTP server. These vulnerabilities occur due to the...
PT-2018-16265 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: A buffer overflow issue exists in the credentials handler of the video-core's HTTP server. The video-core process incorrectly extracts the videoHostUrl field from a...
PT-2018-16272 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A JSON injection issue exists in the credentials handler of the video-core's HTTP server, allowing an attacker to send HTTP requests that trigger this issue. The video-core...
Samsung SmartThings Hub video-core HTTP server buffer overflow vulnerability (CNVD-2018-15899)
Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A buffer overflow vulnerability exists in the credentials handler of the video-core HTTP server in the Samsung SmartThings Hub, which originates from the...
Samsung SmartThings Hub video-core HTTP server buffer overflow vulnerability (CNVD-2018-15900)
Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A buffer overflow vulnerability exists in the credentials handler of the video-core HTTP server in the Samsung SmartThings Hub, which originates from the...
Samsung SmartThings Hub video-core HTTP server injection vulnerability
Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. An injection vulnerability exists in the credentials handler of the video-core HTTP server in the Samsung SmartThings Hub, which is caused by the program not...