2 matches found
CVE-2018-3926
CVE-2018-3926 describes an integer underflow/loop condition in the Hub Core’s ZigBee firmware update routine on Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17). The vulnerable component is the hubCore binary when it processes the ZigBee update files in /hub/data/hubcore/, where a size unde...
Samsung SmartThings Hub hubCore ZigBee firmware update CRC16 check denial-of-service vulnerability(CVE-2018-3926)
Summary An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub. The hubCore process incorrectly handles malformed files existing in its "data" directory, leading to an infinite loop, which eventually causes...