522 matches found
CVE-2018-3873
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long...
CVE-2018-3876
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket"...
Buffer overflow
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...
CVE-2018-3874
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...
Buffer overflow
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long...
Buffer overflow
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket"...
CVE-2018-3876
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket"...
CVE-2018-3874
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...
CVE-2018-3877
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long...
Buffer overflow
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long...
CVE-2018-3876
The CVE-2018-3876 issue affects Samsung SmartThings Hub STH-ETH-250, Firmware 0.20.17, via the video-core HTTP server in the credentials handler. The vulnerability arises from a buffer overflow caused by copying a user-controlled JSON parameter (bucket) using strncpy with a destination buffer of ...
CVE-2018-3873
Samsung SmartThings Hub (STH-ETH-250) firmware 0.20.17 uses the video-core HTTP server where the credentials handler copies user-controlled JSON values with strncpy into a stack buffer (128 bytes). The bug allows an arbitrarily long value in keys such as "secretKey" (and related fields) to overfl...
CVE-2018-3873
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long...
CVE-2018-3874
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...
CVE-2018-3877
The advisory notes CVE-2018-3877 affects Samsung SmartThings Hub STH-ETH-250 with firmware 0.20.17, where video-core’s HTTP server credentials handler copies JSON parameter values using strncpy into a stack buffer sized 160 bytes. The source data (e.g., the directory field) is user controlled, an...
CVE-2018-3874
CVE-2018-3874 (Samsung SmartThings Hub STH-ETH-250) : The video-core HTTP server credentials handler accepts a JSON payload and copies parameters using strncpy into a 32-byte stack buffer. The length is taken from the source string itself, which is user-controlled, enabling a stack-based buffer o...
CVE-2018-3877
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long...
CVE-2018-3876
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket"...
PT-2018-16305 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A stack-based buffer overflow issue exists in the video-core HTTP server due to the retrieval of database fields. Specifically, the strcpy call overflows a destination buffer of...
PT-2018-16307 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A stack-based buffer overflow issue exists in the video-core HTTP server due to the retrieval of database fields. Specifically, the strcpy call overflows a destination buffer of...