Filtered by vendor Samsung
Subscriptions
Filtered by product Sth-eth-250 Firmware
Subscriptions
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3915 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.2 High |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | ||||
| CVE-2018-3897 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.8 High |
| An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "callbackUrl" value in order to exploit this vulnerability. | ||||
| CVE-2018-3872 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3925 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | N/A |
| An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability. | ||||
| CVE-2018-3904 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3873 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | ||||
| CVE-2018-3916 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 7.8 High |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3911 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.6 High |
| An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3902 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3863 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability. | ||||
| CVE-2018-3927 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | N/A |
| An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability. | ||||
| CVE-2018-3856 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2018-3914 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 7.8 High |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. | ||||
| CVE-2018-3866 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability. | ||||
| CVE-2018-3906 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.2 High |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3877 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 9.9 Critical |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability. | ||||
| CVE-2018-3876 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.8 High |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | ||||
| CVE-2018-3896 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-16 | 8.8 High |
| An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability. | ||||
| CVE-2018-3913 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-08-05 | 6.7 Medium |
| An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | ||||
| CVE-2018-3893 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-08-05 | 8.8 High |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||