Multiple vulnerabilities in Samsung SmartThings Hub



Published: 2018-07-30
Risk: High
Patch available: YES
Number of vulnerabilities: 40
CVE-ID: CVE-2018-3856, CVE-2018-3863, CVE-2018-3864, CVE-2018-3865, CVE-2018-3866, CVE-2018-3867, CVE-2018-3872, CVE-2018-3873, CVE-2018-3874, CVE-2018-3875, CVE-2018-3876, CVE-2018-3877, CVE-2018-3878, CVE-2018-3879, CVE-2018-3880, CVE-2018-3893, CVE-2018-3894, CVE-2018-3895, CVE-2018-3896, CVE-2018-3897, CVE-2018-3902, CVE-2018-3903, CVE-2018-3904, CVE-2018-3905, CVE-2018-3906, CVE-2018-3907, CVE-2018-3908, CVE-2018-3909, CVE-2018-3911, CVE-2018-3912, CVE-2018-3913, CVE-2018-3914, CVE-2018-3915, CVE-2018-3916, CVE-2018-3917, CVE-2018-3919, CVE-2018-3918, CVE-2018-3925, CVE-2018-3926, CVE-2018-3927
CWE-ID: CWE-77, CWE-121, CWE-89, CWE-20, CWE-113, CWE-122, CWE-835, CWE-191, CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
SmartThings Hub STH-ETH-250
Hardware solutions / Firmware

Vendor: Samsung

Security Bulletin

This security bulletin contains information about 40 vulnerabilities.

1) Command injection

EUVDB-ID: #VU14063

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3856

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists in the smart camera RTSP configuration of the Samsung SmartThings Hub due to incorrect handling of spaces in the URL field. A remote attacker can send a series of HTTP requests to inject and execute arbitrary commands with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0539/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
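
Why a space in a URL field matters once the value reaches a command, and the check that stops it, as an added example (not code from the hub firmware or from the Talos report). It assumes the URL ends up as one argument of an external program; the function names, the "rtsp-player" program name and the sample URLs are hypothetical and constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define RTSP_URL_MAX 512

/* Count the words a whitespace-splitting command interpreter would see.
 * Pasting an unchecked URL into a command string lets a space inside the
 * URL start a new argument. */
size_t count_words(const char *cmdline)
{
    size_t words = 0;
    int in_word = 0;

    for (const unsigned char *p = (const unsigned char *)cmdline; *p; p++) {
        if (isspace(*p)) {
            in_word = 0;
        } else if (!in_word) {
            in_word = 1;
            words++;
        }
    }
    return words;
}

/* Allow-list check: rtsp:// scheme, bounded length, and only characters
 * that cannot split or extend a command line. Returns 1 if acceptable. */
int rtsp_url_is_acceptable(const char *url)
{
    static const char scheme[] = "rtsp://";
    static const char extra[] = "-._~:/@=%,+?";
    size_t n = 0;

    if (strncmp(url, scheme, sizeof scheme - 1) != 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++, n++) {
        if (n >= RTSP_URL_MAX)
            return 0;
        if (!isalnum(*p) && strchr(extra, *p) == NULL)
            return 0;               /* space, quote, ';', '$', control byte, ... */
    }
    return n > sizeof scheme - 1;   /* something must follow the scheme */
}

/* Build an argument vector for exec-style APIs instead of a command string:
 * the URL stays a single argv element and is never re-parsed.
 * "rtsp-player" is a hypothetical program name. */
int build_player_argv(const char *url, const char *argv_out[3])
{
    if (!rtsp_url_is_acceptable(url))
        return -1;
    argv_out[0] = "rtsp-player";
    argv_out[1] = url;
    argv_out[2] = NULL;
    return 0;
}
```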

2) Stack-based buffer overflow

EUVDB-ID: #VU14064

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3863

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload by the video-core process. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0548/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU14065

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3864

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload by the video-core process. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0548/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU14066

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3865

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload by the video-core process. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0548/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU14067

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3866

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload by the video-core process. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0548/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU14068

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3867

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub due to incorrect handling of the answer received from a smart camera. A remote attacker can send a series of HTTP requests, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0549/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stack-based buffer overflow

EUVDB-ID: #VU14069

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3872

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of the videoHostUrl field from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0554/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stack-based buffer overflow

EUVDB-ID: #VU14070

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3873

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0555/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stack-based buffer overflow

EUVDB-ID: #VU14071

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3874

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0555/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stack-based buffer overflow

EUVDB-ID: #VU14072

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3875

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0555/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Stack-based buffer overflow

EUVDB-ID: #VU14073

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3876

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0555/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Stack-based buffer overflow

EUVDB-ID: #VU14074

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3877

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0555/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Stack-based buffer overflow

EUVDB-ID: #VU14075

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3878

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0555/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) SQL injection

EUVDB-ID: #VU14076

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3879

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL commands in the web application database.

The vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect parsing of the user-controlled JSON payload. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the video-core database.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to the vulnerable web application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0556/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Stack-based buffer overflow

EUVDB-ID: #VU14077

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3880

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the database "find-by-cameraId" functionality of video-core's HTTP server of Samsung SmartThings Hub due to incorrect handling of existing records inside its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0557/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Stack-based buffer overflow

EUVDB-ID: #VU14078

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3893

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0570/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Stack-based buffer overflow

EUVDB-ID: #VU14079

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3894

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0570/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Stack-based buffer overflow

EUVDB-ID: #VU14080

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3895

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0570/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Stack-based buffer overflow

EUVDB-ID: #VU14081

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3896

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0570/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Stack-based buffer overflow

EUVDB-ID: #VU14082

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3897

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0570/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Stack-based buffer overflow

EUVDB-ID: #VU14083

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3902

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of the URL field from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0573/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Stack-based buffer overflow

EUVDB-ID: #VU14084

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3903

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the camera "update" feature of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0574/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Stack-based buffer overflow

EUVDB-ID: #VU14085

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3904

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the camera "update" feature of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of fields from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0574/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Stack-based buffer overflow

EUVDB-ID: #VU14086

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3905

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub due to incorrect extraction of the "state" field from a user-controlled JSON payload. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0575/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
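
The stack-overflow entries above (2-5, 7-13 and 16-24) share one root cause: a string field taken from a user-controlled JSON payload is copied into a fixed-size buffer. The following added example (not code from the hub firmware or from the Talos reports) shows a length-checked extractor for that case. The function names are hypothetical, the payloads are constructed, and the unchecked-copy pattern named in the comment is an assumption about the bug class, not a quotation of the vulnerable code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2, FIELD_MALFORMED = -3 };

/* s points just past an opening quote; returns the closing quote or NULL. */
static const char *string_end(const char *s)
{
    for (; *s; s++) {
        if (*s == '\\') {
            if (s[1] == '\0')
                return NULL;
            s++;                        /* skip the escaped character */
        } else if (*s == '"') {
            return s;
        }
    }
    return NULL;
}

static const char *skip_ws(const char *s)
{
    while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n')
        s++;
    return s;
}

/*
 * Copy the string value of `key` into out[out_len].
 * Assumed unsafe pattern this replaces: char host[64]; strcpy(host, value);
 * Here the value length is checked against the destination first, and an
 * oversized value is rejected rather than truncated or copied.
 * Simplified scanner: escapes are copied verbatim and keys inside nested
 * objects are also matched; it is not a general JSON parser.
 */
int json_copy_string_field(const char *json, const char *key,
                           char *out, size_t out_len)
{
    size_t key_len = strlen(key);
    const char *p = json;

    if (out == NULL || out_len == 0)
        return FIELD_TOO_LONG;
    out[0] = '\0';

    while ((p = strchr(p, '"')) != NULL) {
        const char *name = p + 1;
        const char *name_end = string_end(name);
        if (name_end == NULL)
            return FIELD_MALFORMED;
        int wanted = (size_t)(name_end - name) == key_len &&
                     memcmp(name, key, key_len) == 0;

        p = skip_ws(name_end + 1);
        if (*p != ':')
            continue;                   /* that string was a value, not a key */
        p = skip_ws(p + 1);
        if (*p != '"') {
            if (wanted)
                return FIELD_MALFORMED; /* key present but value is not a string */
            continue;
        }
        const char *val = p + 1;
        const char *val_end = string_end(val);
        if (val_end == NULL)
            return FIELD_MALFORMED;
        if (wanted) {
            size_t len = (size_t)(val_end - val);
            if (len >= out_len)
                return FIELD_TOO_LONG;
            memcpy(out, val, len);
            out[len] = '\0';
            return FIELD_OK;
        }
        p = val_end + 1;
    }
    return FIELD_MISSING;
}

/* Constructed payload: a 300-byte videoHostUrl aimed at a 64-byte buffer. */
int demo_oversized_field(void)
{
    char filler[301], payload[400], host[64];

    memset(filler, 'A', sizeof filler - 1);
    filler[sizeof filler - 1] = '\0';
    snprintf(payload, sizeof payload, "{\"videoHostUrl\":\"%s\"}", filler);
    return json_copy_string_field(payload, "videoHostUrl", host, sizeof host);
}

int main(void)
{
    printf("oversized videoHostUrl -> %d (FIELD_TOO_LONG is %d)\n",
           demo_oversized_field(), FIELD_TOO_LONG);
    return 0;
}
```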

25) Stack-based buffer overflow

EUVDB-ID: #VU14087

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3906

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub due to insecure extraction of the shard.videoHostURL field from its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0576/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU14088

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3907

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite arbitrary data on the target system.

The weakness exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub due to incorrect handling of pipelined HTTP requests. A remote attacker can send an HTTP request and overwrite the previously parsed HTTP method, URL and body.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0577/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU14089

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3908

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite arbitrary data on the target system.

The weakness exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub due to incorrect handling of pipelined HTTP requests. A remote attacker can send an HTTP request and overwrite the previously parsed HTTP method, URL and body.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0577/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU14090

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3909

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite arbitrary data on the target system.

The weakness exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub due to incorrect handling of pipelined HTTP requests. A remote attacker can send an HTTP request and overwrite the previously parsed HTTP method, URL and body.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0577/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) HTTP header injection

EUVDB-ID: #VU14091

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3911

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject HTTP headers on the target system.

The weakness exists in the remote servers of Samsung SmartThings Hub because the hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages. A remote attacker can send an HTTP request and cause partially controlled requests to be generated toward the internal video-core process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0578/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Stack-based buffer overflow

EUVDB-ID: #VU14092

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3912

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub due to insecure extraction of fields from the "shard" table of its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0581/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Stack-based buffer overflow

EUVDB-ID: #VU14093

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3913

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub due to insecure extraction of fields from the "shard" table of its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0581/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Stack-based buffer overflow

EUVDB-ID: #VU14094

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3914

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub due to insecure extraction of fields from the "shard" table of its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0581/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Stack-based buffer overflow

EUVDB-ID: #VU14095

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3915

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub due to insecure extraction of fields from the "shard" table of its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0581/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Stack-based buffer overflow

EUVDB-ID: #VU14096

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3916

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub due to insecure extraction of fields from the "shard" table of its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0581/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Stack-based buffer overflow

EUVDB-ID: #VU14097

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3917

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub due to insecure extraction of fields from the "shard" table of its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0581/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Stack-based buffer overflow

EUVDB-ID: #VU14098

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3919

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub due to insecure extraction of fields from the "clips" table of its SQLite database. A remote attacker can send an HTTP request, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0583/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU14099

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3918

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the remote servers of Samsung SmartThings Hub because the hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers. A remote attacker can send an HTTP request, trigger incorrect handling of camera IDs for the "sync" operation, delete arbitrary cameras and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0582/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Heap-based buffer overflow

EUVDB-ID: #VU14100

Risk: Medium

CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3925

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub due to insecure parsing of the AWSELB cookie while communicating with remote video-host servers. A remote attacker able to impersonate the remote HTTP servers can send an HTTP request, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0591/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Integer underflow

EUVDB-ID: #VU14101

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3926

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub due to an integer underflow caused by incorrect handling of malformed files in its "data" directory. A remote attacker can send an HTTP request, trigger an infinite loop and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0593/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Information disclosure

EUVDB-ID: #VU14102

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3927

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub because Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service when hubCore crashes. A remote attacker can impersonate the remote backtrace.io server and gain access to arbitrary data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links

http://www.talosintelligence.com/reports/TALOS-2018-0594/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
