2 matches found
CVE-2018-3909
CVE-2018-3909 affects Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17. The vulnerability lies in video-core’s REST HTTP server using http-parser, where pipelined HTTP requests can cause subsequent requests to overwrite the previously parsed method (on_message_complete) and other data. This e...
Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)
Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...