PT-2018-16294 · Samsung · Samsung Smartthings Hub
Published
2018-08-23
·
Updated
2023-02-04
·
CVE-2018-3902
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Samsung SmartThings Hub STH-ETH-250 version 0.20.17
Description
A buffer overflow issue exists in the camera "replace" feature of the video-core's HTTP server. This occurs because the video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can trigger this issue by sending a crafted HTTP request.
Recommendations
For Samsung SmartThings Hub STH-ETH-250 version 0.20.17, consider restricting access to the video-core's HTTP server until a patch is available. As a temporary workaround, avoid using the camera "replace" feature to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Smartthings Hub