Lucene search
K

5 matches found

NVD
NVD
added 2018/08/23 3:29 p.m.32 views

CVE-2018-3879

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...

8.8CVSS8.9AI score0.01553EPSS
Exploits2References1
CVE
CVE
added 2018/08/23 3:0 p.m.75 views

CVE-2018-3879

CVE-2018-3879 describes a JSON injection in Samsung SmartThings Hub video-core’s credentials handler that leads to a SQL injection in the SQLite database. Affected device: Samsung SmartThings Hub STH-ETH-250 with firmware 0.20.17. Root cause: the video-core HTTP server parses user-controlled JSON...

8.8CVSS8.8AI score0.01553EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2018/08/23 3:0 p.m.32 views

CVE-2018-3879

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in...

8.8CVSS8.9AI score0.01553EPSS
Exploits2References1
Check Point Advisories
Check Point Advisories
added 2018/08/01 12:0 a.m.4 views

Samsung SmartThings Hub SQL Injection (CVE-2018-3879)

An SQL injection vulnerability exists in Samsung SmartThings Hub. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

6.5CVSS4.4AI score0.01553EPSS
Exploits2
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.562 views

Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability(CVE-2018-3879)

Summary An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...

0.1AI score0.01553EPSS
Exploits2
Rows per page
Query Builder