522 matches found

Positive Technologies
added 2018/08/28 12:0 a.m. · 5 views

PT-2018-16288 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17 Description: A buffer overflow issue exists in the HTTP server of the Samsung SmartThings Hub, specifically in the /cameras/XXXX/clips handler. The strncpy function overflows a...

9.9 CVSS · 9.3 AI score · 0.01804 EPSS
Exploits: 2 · References: 3

Positive Technologies
added 2018/08/28 12:0 a.m. · 3 views

PT-2018-16308 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: A stack-based buffer overflow issue exists in the video-core HTTP server of the Samsung SmartThings Hub. This occurs due to a strcpy call that overflows a destination...

7.8 CVSS · 7.6 AI score · 0.00389 EPSS
Exploits: 2 · References: 2

OSV
added 2018/08/27 3:29 p.m. · 3 views

CVE-2018-3904

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...

9.9 CVSS · 6.1 AI score
Exploits: 0 · References: 1

OSV
added 2018/08/27 3:29 p.m. · 2 views

CVE-2018-3927

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...

5.9 CVSS · 5.8 AI score · 0.01138 EPSS
Exploits: 2 · References: 1

NVD
added 2018/08/27 3:29 p.m. · 20 views

CVE-2018-3927

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...

6.8 CVSS · 6.4 AI score · 0.01138 EPSS
Exploits: 2 · References: 1

OSV
added 2018/08/27 3:29 p.m. · 4 views

CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...

7.5 CVSS · 5.9 AI score · 0.00989 EPSS
Exploits: 2 · References: 1

NVD
added 2018/08/27 3:29 p.m. · 15 views

CVE-2018-3904

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...

9.9 CVSS · 9.7 AI score · 0.01753 EPSS
Exploits: 2 · References: 1

NVD
added 2018/08/27 3:29 p.m. · 30 views

CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...

7.5 CVSS · 6.9 AI score · 0.00989 EPSS
Exploits: 2 · References: 1

OSV
added 2018/08/27 3:29 p.m. · 3 views

CVE-2018-3893

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...

8.8 CVSS · 6.1 AI score · 0.01804 EPSS
Exploits: 2 · References: 1

Prion
added 2018/08/27 3:29 p.m. · 20 views

Cross site request forgery (csrf)

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...

6.4 CVSS · 7.7 AI score · 0.00989 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

NVD
added 2018/08/27 3:29 p.m. · 16 views

CVE-2018-3893

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...

9.9 CVSS · 9.3 AI score · 0.01804 EPSS
Exploits: 2 · References: 1

Prion
added 2018/08/27 3:29 p.m. · 12 views

Information disclosure

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...

4.3 CVSS · 5.6 AI score · 0.01138 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Prion
added 2018/08/27 3:29 p.m. · 14 views

Buffer overflow

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...

9 CVSS · 8.8 AI score · 0.01804 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Prion
added 2018/08/27 3:29 p.m. · 18 views

Buffer overflow

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...

9 CVSS · 9.6 AI score · 0.01753 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2018/08/27 3:0 p.m. · 20 views

CVE-2018-3904

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...

9.9 CVSS · 9.7 AI score · 0.01753 EPSS
Exploits: 2 · References: 1

CVE
added 2018/08/27 3:0 p.m. · 62 views

CVE-2018-3927

CVE-2018-3927 is an information-disclosure issue in the Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17) where hubCore’s crash handler uses Google Breakpad to create minidumps and transmits them to backtrace.io over an insecure TLS connection. The fixed URL HUBCORE_MINIDUMP_URL (configured ...

6.8 CVSS · 5.5 AI score · 0.01138 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

CVE
added 2018/08/27 3:0 p.m. · 73 views

CVE-2018-3893

The CVE-2018-3893 family affects Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17) in the video-core HTTP server. The /cameras/XXXX/clips handler incorrectly copies a user-controlled JSON field via strncpy using a length derived from strlen, causing a stack-based buffer overflow. This allows...

9.9 CVSS · 8.8 AI score · 0.01804 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2018/08/27 3:0 p.m. · 27 views

CVE-2018-3927

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...

6.8 CVSS · 6.4 AI score · 0.01138 EPSS
Exploits: 2 · References: 1

Cvelist
added 2018/08/27 3:0 p.m. · 23 views

CVE-2018-3893

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...

9.9 CVSS · 8.9 AI score · 0.01804 EPSS
Exploits: 2 · References: 1

CVE
added 2018/08/27 3:0 p.m. · 61 views

CVE-2018-3918

CVE-2018-3918 affects Samsung SmartThings Hub STH-ETH-250 running firmware 0.20.17. The hubCore process on port 39500 relays unauthenticated messages to remote SmartThings servers, which mishandle camera IDs during the sync operation and may trigger deletion of cameras. Exploitation can occur via...

7.5 CVSS · 7.6 AI score · 0.00989 EPSS
Exploits: 2 · References: 1 · Affected Software: 1