Sth Eth 250 Firmware
CVE-2018-3918
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.
AnalysisAI
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-707. An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability. Affected products include: Samsung Sth-Eth-250 Firmware. Version information: version 0.20.17..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sth Eth 250 Firmware
View allAn exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ET
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsun
An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of vide
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsun
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 -
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server o
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP
Same weakness CWE-707 – Improper Neutralization
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today