2 matches found
CVE-2018-3856
CVE-2018-3856 affects Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17). Cisco Talos reports an OS command-injection in the video-core RTSP handling: if the camera-password contains spaces, the hub builds an ffmpeg command with attacker-controlled options, leading to arbitrary code execution...
Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability(CVE-2018-3856)
Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...