Samsung Smartthings Hub Sth-Eth-250 vulnerabilities

CVE-2018-3874 [CRITICAL] CWE-119 CVE-2018-3874: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.

CVE-2018-3873 [CRITICAL] CWE-119 CVE-2018-3873: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.

CVE-2018-3877 [CRITICAL] CWE-119 CVE-2018-3877: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability.

CVE-2018-3876 [HIGH] CWE-120 CVE-2018-3876: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.

CVE-2018-3894 [HIGH] CWE-120 CVE-2018-3894: An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerabil

CVE-2018-3914 [HIGH] CWE-787 CVE-2018-3914: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to

CVE-2018-3915 [HIGH] CWE-787 CVE-2018-3915: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit

CVE-2018-3906 [HIGH] CWE-787 CVE-2018-3906: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vuln

CVE-2018-3865 [HIGH] CWE-120 CVE-2018-3865: An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability.

CVE-2018-3864 [HIGH] CWE-120 CVE-2018-3864: An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability.

CVE-2018-3875 [CRITICAL] CWE-119 CVE-2018-3875: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, whi

CVE-2018-3897 [HIGH] CWE-120 CVE-2018-3897: An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-cor An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer,

CVE-2018-3896 [HIGH] CWE-120 CVE-2018-3896: An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-cor An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer,

CVE-2018-3878 [CRITICAL] CWE-119 CVE-2018-3878: Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core' Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the dest

CVE-2018-3905 [CRITICAL] CWE-119 CVE-2018-3905: An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's H An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send

CVE-2018-3867 [CRITICAL] CWE-787 CVE-2018-3867: An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback noti An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attack

CVE-2018-3925 [HIGH] CWE-119 CVE-2018-3925: An exploitable buffer overflow vulnerability exists in the remote video-host communication of video- An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An at

CVE-2018-3919 [CRITICAL] CWE-787 CVE-2018-3919: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An

CVE-2018-3863 [CRITICAL] CWE-787 CVE-2018-3863: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. A

CVE-2018-3917 [CRITICAL] CWE-119 CVE-2018-3917: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a