CVE-2018-3908

Name of the Vulnerable Software and Affected Versions Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17

Description An issue exists in the REST parser of the video-core's HTTP server, where it incorrectly handles pipelined HTTP requests. This allows successive requests to overwrite the previously parsed HTTP method, URL, and body. The on body callback, defined by sub 41734, can be triggered by an attacker sending a specific HTTP request to exploit this issue.

Recommendations For Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17, consider restricting access to the video-core's HTTP server until a patch is available. As a temporary workaround, avoid using the on body callback defined by sub 41734 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.