Vulnerabilities for 'Smartthings hub sth-eth-250-firmware'

2018-08-28
 
CVE-2018-3926

CWE-191
 

 
An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.

 
2018-08-27
 
CVE-2018-3927

CWE-295
 

 
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability.

 
 
CVE-2018-3918

CWE-707
 

 
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.

 
 
CVE-2018-3904

CWE-119
 

 
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

 
 
CVE-2018-3893

CWE-119
 

 
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

 



Copyright 2019, cxsecurity.com

 
