Buffer Overflow Vulnerabilities in Samsung SmartThings Hub from Video-Core HTTP Server
CVE-2018-3878
9.9 CRITICAL
What is CVE-2018-3878?
Multiple exploitable buffer overflow vulnerabilities have been identified in the credentials handler of the video-core HTTP server in Samsung SmartThings Hub STH-ETH-250 devices running firmware version 0.20.17. The handler extracts fields from a user-controlled JSON payload incorrectly, which results in a stack buffer overflow. In particular, a strncpy call overflows its destination buffer, which is only 16 bytes in size. By sending an excessively long 'region' value, an attacker can exploit this vulnerability, potentially leading to arbitrary code execution or other security breaches.
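The following added example is not the firmware's code, which this page does not show. It assumes the strncpy bound was taken from the source string rather than the 16-byte destination, and shows a destination-bounded copy that rejects an over-long 'region' value. The struct layout, function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define REGION_SIZE 16   /* destination size given in the advisory */

/* Assumed shape of the flaw (the firmware code is not on this page):
 *     char region[16];
 *     strncpy(region, value, strlen(value));   // bound follows the source
 * A bound taken from attacker-controlled input gives no protection. */

enum { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 };

struct credentials {            /* hypothetical layout */
    char region[REGION_SIZE];
    unsigned canary;            /* stands in for adjacent stack data */
};

/* Copy src into dst only if it fits with its terminator; reject instead of
 * truncating so a malformed request fails loudly. */
static int copy_field(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    dst[0] = '\0';
    /* Look for the terminator within the destination's capacity only. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL)
        return COPY_TOO_LONG;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return COPY_OK;
}

static int set_region(struct credentials *c, const char *value)
{
    return copy_field(c->region, sizeof c->region, value);
}

int main(void)
{
    struct credentials c = { "", 0xC0FFEEu };
    char oversized[65];                    /* constructed over-long value */
    memset(oversized, 'A', 64);
    oversized[64] = '\0';
    printf("short value: %d\n", set_region(&c, "us-east-1"));
    printf("long value:  %d\n", set_region(&c, oversized));
    printf("canary intact: %s\n", c.canary == 0xC0FFEEu ? "yes" : "no");
    return 0;
}
```

Rejecting the request is preferable to silently truncating the field, because a truncated credential value would otherwise be processed as if it were valid.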
Affected Version(s)
SmartThings Hub STH-ETH-250 Firmware version 0.20.17