3 matches found
CVE-2018-3907
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3907
CVE-2018-3907 (and related CVEs 3908/3909) affects Samsung SmartThings Hub video-core HTTP server on STH-ETH-250 firmware 0.20.17. The REST parser mishandles pipelined HTTP requests, causing successive requests to overwrite the previously parsed URL/method/body via the on_url, on_body, and on_mes...
Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)
Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...