Sth Eth 250 Firmware
CVE-2018-3914
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.
AnalysisAI
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. Affected products include: Samsung Sth-Eth-250 Firmware. Version information: version 0.20.17..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Sth Eth 250 Firmware
View allAn exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ET
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsun
An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of vide
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsun
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 -
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server o
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today