Skip to main content

Sth Eth 250 Firmware CVE-2018-3912

HIGH
Out-of-bounds Write (CWE-787)
2018-08-23 talos-cna@cisco.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 23, 2018 - 18:29 nvd
HIGH 7.8

DescriptionNVD

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.

AnalysisAI

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. Affected products include: Samsung Sth-Eth-250 Firmware. Version information: version 0.20.17.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2018-3907 CRITICAL POC
10.0 Aug 24

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ET

CVE-2018-3877 CRITICAL POC
9.9 Sep 21

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm

CVE-2018-3874 CRITICAL POC
9.9 Sep 21

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm

CVE-2018-3873 CRITICAL POC
9.9 Sep 21

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm

CVE-2018-3875 CRITICAL POC
9.9 Sep 10

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm

CVE-2018-3904 CRITICAL POC
9.9 Aug 27

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsun

CVE-2018-3880 CRITICAL POC
9.9 Aug 23

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of vide

CVE-2018-3872 CRITICAL POC
9.9 Aug 23

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm

CVE-2018-3866 CRITICAL POC
9.9 Aug 23

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsun

CVE-2018-3856 CRITICAL POC
9.9 Aug 23

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 -

CVE-2018-3925 CRITICAL POC
9.9 Aug 23

An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server o

CVE-2018-3919 CRITICAL POC
9.9 Aug 23

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP

Share

CVE-2018-3912 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy