2 matches found
CVE-2018-3911
CVE-2018-3911 affects Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17). The hubCore process listens on port 39500 and forwards unauthenticated JSON to remote SmartThings servers, which mishandle JSON and can inject CRLF into HTTP requests sent to the internal video-core HTTP server. This en...
Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability(CVE-2018-3911)
Summary An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controll...