42 matches found
SmartThings 安全漏洞
Samsung SmartThings Hub STH-ETH-250 is a smart home management device from Samsung South Korea. A security vulnerability exists in versions prior to SmartThings 1.7.64.21 that allows an attacker to access user information via logs...
Samsung SmartThings Hub STH-ETH-250 video-core HTTP server stack buffer overflow vulnerability (CNVD-2018-20127)
Samsung SmartThings Hub STH-ETH-250 is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A stack buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub...
Samsung SmartThings Hub STH-ETH-250 video-core HTTP server buffer overflow vulnerability (CNVD-2018-19739)
Samsung SmartThings Hub STH-ETH-250 is a smart home management device from Samsung, South Korea. video-core HTTP server is one of the HTTP servers. A buffer overflow vulnerability exists in the Samsung WifiScan handler for the video-core HTTP server in the Samsung SmartThings Hub STH-ETH-250 with...
CVE-2018-3915
The CVE-2018-3915 family affects Samsung SmartThings Hub STH-ETH-250 running firmware 0.20.17, where the video-core HTTP server uses string copy operations to retrieve shard table fields (secretKey, accessKey, sessionToken, bucket, directory, region). Each field is fetched via SELECT and copied w...
CVE-2018-3914
Samsung SmartThings Hub STH-ETH-250 firmware version 0.20.17 exposes a stack-based buffer overflow in the video-core HTTP server during retrieval of shard table fields. The vulnerability occurs in a series of unbounded strcpy copies when loading fields such as secretKey, accessKey, sessionToken, ...
CVE-2018-3913
Samsung SmartThings Hub STH-ETH-250 (Firmware 0.20.17) is affected by a stack-based buffer overflow in the video-core HTTP server’s shard data retrieval. The vulnerability arises from unconstrained strcpy Copy operations when reading fields from the shard table (secretKey, accessKey, sessionToken...
CVE-2018-3874
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...
CVE-2018-3876
The CVE-2018-3876 issue affects Samsung SmartThings Hub STH-ETH-250, Firmware 0.20.17, via the video-core HTTP server in the credentials handler. The vulnerability arises from a buffer overflow caused by copying a user-controlled JSON parameter (bucket) using strncpy with a destination buffer of ...
CVE-2018-3876
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket"...
CVE-2018-3877
The advisory notes CVE-2018-3877 affects Samsung SmartThings Hub STH-ETH-250 with firmware 0.20.17, where video-core’s HTTP server credentials handler copies JSON parameter values using strncpy into a stack buffer sized 160 bytes. The source data (e.g., the directory field) is user controlled, an...
CVE-2018-3873
Samsung SmartThings Hub (STH-ETH-250) firmware 0.20.17 uses the video-core HTTP server where the credentials handler copies user-controlled JSON values with strncpy into a stack buffer (128 bytes). The bug allows an arbitrarily long value in keys such as "secretKey" (and related fields) to overfl...
CVE-2018-3874
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long...
CVE-2018-3864
CVE-2018-3864 affects Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17). The vulnerability is a buffer overflow in the video-core HTTP server’s WifiScan handler. The implementation copies JSON-derived strings into 40-byte buffers using strcpy without respecting actual length, enabling potent...
CVE-2018-3875
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the...
CVE-2018-3908
CVE-2018-3908 affects Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17, where the video-core HTTP server’s restful parser mishandles pipelined HTTP requests. The on_body callback can cause successive requests to overwrite the previously parsed HTTP method, URL and body, enabling an attacker t...
CVE-2018-3895
The CVE-2018-3895 family concerns a stack buffer overflow in Samsung SmartThings Hub STH-ETH-250 (video-core HTTP server) firmware 0.20.17. The vulnerable code uses strncpy(stack_buffer, json_parameter, strlen(json_parameter)); where the destination buffer is 52 bytes, and the json_parameter come...
CVE-2018-3918
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...
CVE-2018-3927
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the...
CVE-2018-3893
The CVE-2018-3893 family affects Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17) in the video-core HTTP server. The /cameras/XXXX/clips handler incorrectly copies a user-controlled JSON field via strncpy using a length derived from strlen, causing a stack-based buffer overflow. This allows...
CVE-2018-3918
CVE-2018-3918 affects Samsung SmartThings Hub STH-ETH-250 running firmware 0.20.17. The hubCore process on port 39500 relays unauthenticated messages to remote SmartThings servers, which mishandle camera IDs during the sync operation and may trigger deletion of cameras. Exploitation can occur via...