CVE-2018-3926

CWE-191 | 3 documents | 3 sources
Severity: 5.5 MEDIUM
EPSS: 0.1% (top 78.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 28
Latest update: May 13

Description

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | talos/samsung | Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17

Vulnerability Details (2)

GHSA
GHSA-54c3-2724-2j2f: An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-E | 2022-05-13
CVEList
CVE-2018-3926: An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-E | 2018-08-28