Sth Eth 250 Firmware
CVE-2018-3927
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability.
AnalysisAI
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-295. An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability. Affected products include: Samsung Sth-Eth-250 Firmware. Version information: version 0.20.17..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sth Eth 250 Firmware
View allAn exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ET
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsun
An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of vide
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung Sm
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsun
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 -
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server o
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today