CVE-2018-3907

Name of the Vulnerable Software and Affected Versions Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17

Description The issue arises from the incorrect handling of pipelined HTTP requests by the video-core process in the Samsung SmartThings Hub's HTTP server. This allows successive requests to overwrite the previously parsed HTTP method, specifically the 'on url' callback. An attacker can exploit this by sending a crafted HTTP request.

Recommendations For Firmware version 0.20.17, consider restricting access to the video-core's HTTP server until a patch is available. As a temporary workaround, avoid using pipelined HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.