ID CVE-2018-3906
Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*
    cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*
  • cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*
    cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 04-02-2023 - 01:27)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
misc https://talosintelligence.com/vulnerability_reports/TALOS-2018-0576
Last major update 04-02-2023 - 01:27
Published 21-09-2018 - 15:29
Last modified 04-02-2023 - 01:27
Back to Top