Samsung Sth-Eth-250 Firmware vulnerabilities

CVE-2018-3918 [HIGH] CWE-707 CVE-2018-3918: An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - F An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker

CVE-2018-3927 [MEDIUM] CWE-295 CVE-2018-3927: An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binar An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitiv

CVE-2018-3907 [CRITICAL] CWE-444 CVE-2018-3907: An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung Sm An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP

CVE-2018-3909 [HIGH] CWE-444 CVE-2018-3909: An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung Sm An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send a

CVE-2018-3878 [CRITICAL] CWE-119 CVE-2018-3878: Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core' Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the dest

CVE-2018-3903 [CRITICAL] CWE-787 CVE-2018-3903: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512

CVE-2018-3867 [CRITICAL] CWE-787 CVE-2018-3867: An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback noti An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attack

CVE-2018-3919 [CRITICAL] CWE-787 CVE-2018-3919: An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An

CVE-2018-3872 [CRITICAL] CWE-119 CVE-2018-3872: An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP re

CVE-2018-3863 [CRITICAL] CWE-787 CVE-2018-3863: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. A

CVE-2018-3905 [CRITICAL] CWE-119 CVE-2018-3905: An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's H An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send

CVE-2018-3925 [HIGH] CWE-119 CVE-2018-3925: An exploitable buffer overflow vulnerability exists in the remote video-host communication of video- An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An at

CVE-2018-3880 [CRITICAL] CWE-787 CVE-2018-3880: An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' f An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker

CVE-2018-3866 [CRITICAL] CWE-787 CVE-2018-3866: An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's H An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destinatio

CVE-2018-3856 [CRITICAL] CWE-88 CVE-2018-3856: An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThin An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.

CVE-2018-3917 [CRITICAL] CWE-119 CVE-2018-3917: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a

CVE-2018-3902 [CRITICAL] CWE-787 CVE-2018-3902: An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an

CVE-2018-3912 [HIGH] CWE-787 CVE-2018-3912: On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey"

CVE-2018-3879 [HIGH] CWE-89 CVE-2018-3879: An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP s An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. A

CVE-2018-3911 [HIGH] CWE-113 CVE-2018-3911: An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThin An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated towar