Stack-based Buffer Overflow in Samsung SmartThings Hub Devices
CVE-2018-3919

7.5HIGH

Key Information:

Vendor: Samsung
Status: Smartthings Hub Sth-eth-250
Vendor: CVE Published:; 23 August 2018

What is CVE-2018-3919?

A stack-based buffer overflow vulnerability has been identified in the video-core's HTTP server of the Samsung SmartThings Hub (STH-ETH-250) devices running firmware version 0.20.17. This flaw resides in the way the video-core process handles the retrieval of database fields, particularly from the 'clips' table in its SQLite database. By sending a crafted series of HTTP requests, an attacker can exploit this vulnerability, potentially leading to unauthorized actions or system instability. It is crucial for users of affected devices to apply security updates promptly to mitigate this risk.

Affected Version(s)

SmartThings Hub STH-ETH-250 Firmware version 0.20.17

References

https://www.talosintelligence.com/vulnerability_reports/T...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 23, 2018
Vulnerability Reserved
Jan 2, 2018