Stack-Based Buffer Overflow in Samsung SmartThings Hub
CVE-2018-3914

7.5HIGH

Key Information:

Vendor: Samsung
Status: Smartthings Hub Sth-eth-250
Vendor: CVE Published:; 21 September 2018

Summary

An exploitable stack-based buffer overflow flaw exists in the Samsung SmartThings Hub's video-core HTTP server. It stems from an unsafe 'strcpy' operation during the retrieval of database fields, which does not properly handle long 'sessionToken' values. When an attacker inputs an excessively long session token, it can lead to a buffer overflow, potentially allowing unauthorized access or disruption of service.

Affected Version(s)

SmartThings Hub STH-ETH-250 Firmware version 0.20.17

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 21, 2018
Vulnerability Reserved
Jan 2, 2018