5 matches found
CVE-2018-3879
An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...
CVE-2018-3879
CVE-2018-3879 describes a JSON injection in Samsung SmartThings Hub video-core’s credentials handler that leads to a SQL injection in the SQLite database. Affected device: Samsung SmartThings Hub STH-ETH-250 with firmware 0.20.17. Root cause: the video-core HTTP server parses user-controlled JSON...
CVE-2018-3879
An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...
Samsung SmartThings Hub SQL Injection (CVE-2018-3879)
An SQL injection vulnerability exists in Samsung SmartThings Hub. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability(CVE-2018-3879)
Summary An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...