SamsungSth-eth-250 Firmware

4 matches found

CVE
added 2018/08/23 3:29 p.m., 58 views

CVE-2018-3879

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in tu...

CVSS 8.8, AI score 8.8, EPSS 0.00186
CVE
added 2018/08/23 10:29 p.m., 58 views

CVE-2018-3911

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, ...

CVSS 8.6, AI score 8.6, EPSS 0.00837
CVE
added 2018/09/21 3:29 p.m., 54 views

CVE-2018-3915

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can se...

CVSS 8.2, AI score 8.9, EPSS 0.00053
CVE
added 2018/09/21 3:29 p.m., 50 views

CVE-2018-3906

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. A...

CVSS 8.2, AI score 8.3, EPSS 0.00142