522 matches found
CVE-2018-3904
CVE-2018-3904 is a buffer overflow in Samsung SmartThings Hub STH-ETH-250, triggered by user-controlled JSON in the video-core HTTP server when handling PATCH /cameras/ requests. The vulnerable code copies a parameter value (url or state) into a 512-byte stack buffer using memcpy with length deri...
CVE-2018-3918
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...
PT-2018-16296 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: A buffer overflow issue exists in the camera 'update' feature of the video-core's HTTP server. This occurs because the video-core process incorrectly extracts fields...
PT-2018-16286 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: A buffer overflow issue exists due to the incorrect extraction of fields from a user-controlled JSON payload in the video-core process of the Samsung SmartThings Hub's HTTP...
PT-2018-16310 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: An issue exists in the remote servers of Samsung SmartThings Hub where the hubCore process listens on port 39500 and relays unauthenticated messages. The servers incorrectly...
Cross site request forgery (csrf)
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3909
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3909
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3907
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3907
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
Cross site request forgery (csrf)
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3909
CVE-2018-3909 affects Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17. The vulnerability lies in video-core’s REST HTTP server using http-parser, where pipelined HTTP requests can cause subsequent requests to overwrite the previously parsed method (on_message_complete) and other data. This e...
PT-2018-16301 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: The issue exists in the REST parser of the video-core's HTTP server, where it incorrectly handles pipelined HTTP requests. This allows successive requests to overwrit...
CVE-2018-3909
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
CVE-2018-3907
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP...
PT-2018-16299 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17 Description: The issue arises from the incorrect handling of pipelined HTTP requests by the video-core process in the Samsung SmartThings Hub's HTTP server. This allows successive...
CVE-2018-3907
CVE-2018-3907 (and related CVEs 3908/3909) affects Samsung SmartThings Hub video-core HTTP server on STH-ETH-250 firmware 0.20.17. The REST parser mishandles pipelined HTTP requests, causing successive requests to overwrite the previously parsed URL/method/body via the on_url, on_body, and on_mes...
CVE-2018-3866
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...
CVE-2018-3911
An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages...
Buffer overflow
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on...