2 matches found
CVE-2018-3863
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows t...
CVE-2018-3863
Summary: CVE-2018-3863 covers buffer-overflow vulnerabilities in Samsung SmartThings Hub video-core (STH-ETH-250) firmware 0.20.17. The /samsungWifiScan HTTP POST parses a user-controlled JSON payload and copies JSON-string values to 40-byte buffers using strcpy, without bounding, enabling stack ...