522 matches found
PT-2018-16288 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17 Description: A buffer overflow issue exists in the HTTP server of the Samsung SmartThings Hub, specifically in the /cameras/XXXX/clips handler. The strncpy function overflows a...
PT-2018-16308 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: A stack-based buffer overflow issue exists in the video-core HTTP server of the Samsung SmartThings Hub. This occurs due to a strcpy call that overflows a destination...
CVE-2018-3904
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...
CVE-2018-3927
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...
CVE-2018-3927
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...
CVE-2018-3918
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...
CVE-2018-3904
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...
CVE-2018-3918
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...
CVE-2018-3893
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...
Cross site request forgery (csrf)
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...
CVE-2018-3893
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...
Information disclosure
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...
Buffer overflow
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...
Buffer overflow
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...
CVE-2018-3904
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...
CVE-2018-3927
CVE-2018-3927 is an information-disclosure issue in the Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17) where hubCore’s crash handler uses Google Breakpad to create minidumps and transmits them to backtrace.io over an insecure TLS connection. The fixed URL HUBCORE_MINIDUMP_URL (configured ...
CVE-2018-3893
The CVE-2018-3893 family affects Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17) in the video-core HTTP server. The /cameras/XXXX/clips handler incorrectly copies a user-controlled JSON field via strncpy using a length derived from strlen, causing a stack-based buffer overflow. This allows...
CVE-2018-3927
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...
CVE-2018-3893
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflo...
CVE-2018-3918
CVE-2018-3918 affects Samsung SmartThings Hub STH-ETH-250 running firmware 0.20.17. The hubCore process on port 39500 relays unauthenticated messages to remote SmartThings servers, which mishandle camera IDs during the sync operation and may trigger deletion of cameras. Exploitation can occur via...