Main Vulnerability Database Vulnerabilities #VU14101

Integer underflow in SmartThings Hub STH-ETH-250 - CVE-2018-3926

Published: July 30, 2018

Vulnerability identifier: #VU14101

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-3926

CWE-ID: CWE-191

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Samsung

Affected software:
SmartThings Hub STH-ETH-250

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub due to integer underflow when incorrect handling of malformed files existing in its "data" directory. A remote attacker can send an HTTP request, trigger infinite loop and cause the service to crash.

How to mitigate CVE-2018-3926

Install update from vendor's website.

Sources

https://www.talosintelligence.com/reports/TALOS-2018-0593/

Integer underflow in SmartThings Hub STH-ETH-250 - CVE-2018-3926

Detailed vulnerability description

How to mitigate CVE-2018-3926

Sources

Please verify you're human