Lucene search
K

8 matches found

seebug.org
seebug.org
added 2018/07/30 12:0 a.m.549 views

Samsung SmartThings Hub hubCore Google Breakpad backtrace.io information disclosure vulnerability(CVE-2018-3927)

Summary An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to...

0.4AI score0.01138EPSS
Exploits2
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.563 views

Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability(CVE-2018-3879)

Summary An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...

0.1AI score0.01553EPSS
Exploits2
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.598 views

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability(CVE-2018-3856)

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

0.2AI score0.03444EPSS
Exploits2
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.566 views

Samsung SmartThings Hub video-core credentials Code Execution Vulnerability(CVE-2018-3873 - CVE-2018-3878)

Summary Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can...

0.4AI score0.01871EPSS
Exploits7
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.564 views

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

9.3AI score0.01435EPSS
Exploits5
Talos
Talos
added 2018/07/26 12:0 a.m.34 views

Samsung SmartThings Hub video-core Camera URL Replace Code Execution Vulnerability

Summary An exploitable buffer overflow vulnerability exists in the camera “replace” feature of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

9.9CVSS9.7AI score0.01753EPSS
Exploits2
Talos
Talos
added 2018/07/26 12:0 a.m.66 views

Samsung SmartThings Hub hubCore ZigBee firmware update CRC16 check denial-of-service vulnerability

Summary An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub. The hubCore process incorrectly handles malformed files existing in its “data” directory, leading to an infinite loop, which eventually causes...

5.5CVSS5.4AI score0.00421EPSS
Exploits2
Talos
Talos
added 2018/07/26 12:0 a.m.883 views

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

9.9CVSS9.7AI score0.03444EPSS
Exploits2
Rows per page
Query Builder