Samsung Sth-Eth-250 Firmware vulnerabilities

CVE-2018-3874 [CRITICAL] CWE-119 CVE-2018-3874: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.

CVE-2018-3877 [CRITICAL] CWE-119 CVE-2018-3877: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability.

CVE-2018-3873 [CRITICAL] CWE-119 CVE-2018-3873: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.

CVE-2018-3894 [HIGH] CWE-120 CVE-2018-3894: An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerabil

CVE-2018-3915 [HIGH] CWE-787 CVE-2018-3915: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit

CVE-2018-3906 [HIGH] CWE-787 CVE-2018-3906: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vuln

CVE-2018-3914 [HIGH] CWE-787 CVE-2018-3914: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to

CVE-2018-3876 [HIGH] CWE-120 CVE-2018-3876: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.

CVE-2018-3913 [MEDIUM] CWE-787 CVE-2018-3913: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to ex

CVE-2018-3865 [HIGH] CWE-120 CVE-2018-3865: An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability.

CVE-2018-3864 [HIGH] CWE-120 CVE-2018-3864: An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability.

CVE-2018-3875 [CRITICAL] CWE-119 CVE-2018-3875: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, whi

CVE-2018-3897 [HIGH] CWE-120 CVE-2018-3897: An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-cor An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer,

CVE-2018-3896 [HIGH] CWE-120 CVE-2018-3896: An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-cor An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer,

CVE-2018-3916 [HIGH] CWE-787 CVE-2018-3916: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exp

CVE-2018-3908 [HIGH] CWE-444 CVE-2018-3908: An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung Sm An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body c

CVE-2018-3895 [HIGH] CWE-120 CVE-2018-3895: An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerabilit

CVE-2018-3926 [MEDIUM] CWE-191 CVE-2018-3926: An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the h An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An at

CVE-2018-3904 [CRITICAL] CWE-787 CVE-2018-3904: An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's H An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to tr

CVE-2018-3893 [HIGH] CWE-787 CVE-2018-3893: An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to tr