Buffer Overflow Vulnerability in Samsung SmartThings Hub Firmware
CVE-2018-3893
9.9 CRITICAL
Summary
A buffer overflow vulnerability in the HTTP server of Samsung SmartThings Hub can be exploited through specially crafted JSON payloads. An HTTP request that triggers the vulnerability can lead to unauthorized access and potential control over the affected device. The issue arises from improper extraction of fields from user-controlled input, which lets attackers manipulate the stack and execute arbitrary code. Keeping firmware up to date is essential to mitigate this risk and ensure device security.
CVSS V3.1
Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved