HTTP header injection in SmartThings Hub STH-ETH-250

#VU14091 HTTP header injection in SmartThings Hub STH-ETH-250

Published: 2018-07-30

Vulnerability identifier: #VU14091

Vulnerability risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-3911

CWE-ID: CWE-113

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SmartThings Hub STH-ETH-250
Hardware solutions / Firmware

Vendor: Samsung

Description

The vulnerability allows a remote attacker to inject HTTP header on the target system.

The weakness exists in the remote servers of Samsung SmartThings Hub due to the hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages. A remote attacker can send an HTTP request and cause partially controlled requests to be generated toward the internal video-core process.

Mitigation
Install update from vendor's website.

Vulnerable software versions

SmartThings Hub STH-ETH-250: 0.20.17

External links
http://www.talosintelligence.com/reports/TALOS-2018-0578/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Samsung SmartThings Hub