12 matches found
EUVD-2018-15694
Malware in sbrugna...
Samsung SmartThings Hub STH-ETH-250 video-core HTTP server injection vulnerability
Samsung SmartThings Hub is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A security vulnerability exists in the REST parser of the video-core HTTP server in the Samsung SmartThings Hub STH-ETH-250 using firmware version 0.20.17, which...
CVE-2018-3908
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3908
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
Cross site request forgery (csrf)
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3908
CVE-2018-3908 affects Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17, where the video-core HTTP server’s restful parser mishandles pipelined HTTP requests. The on_body callback can cause successive requests to overwrite the previously parsed HTTP method, URL and body, enabling an attacker t...
PT-2018-16300 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17 Description: An issue exists in the REST parser of the video-core's HTTP server, where it incorrectly handles pipelined HTTP requests. This allows successive requests to overwrite t...
Cross site request forgery (csrf)
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3907
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3909
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
Cross site request forgery (csrf)
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3909
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...