Command injection in SmartThings Hub STH-ETH-250

#VU14063 Command injection in SmartThings Hub STH-ETH-250

Published: 2018-07-30

Vulnerability identifier: #VU14063

Vulnerability risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3856

CWE-ID: CWE-77

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SmartThings Hub STH-ETH-250
Hardware solutions / Firmware

Vendor: Samsung

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub due to incorrect handling of spaces in the URL field. A remote attacker can send a series of HTTP requests, inject and execute arbitrary command with elevated privileges.

Mitigation
Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links
http://www.talosintelligence.com/reports/TALOS-2018-0539/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Samsung SmartThings Hub