VYPR

SmartThings Hub STH-ETH-250

by Samsung Mobile

CVEs (33)

  • CVE-2018-3856CriAug 23, 2018
    risk 0.65cvss 9.9epss 0.03

    An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can…

  • CVE-2018-3867CriAug 23, 2018
    risk 0.65cvss 9.9epss 0.02

    An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received…

  • CVE-2018-3877CriSep 21, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an…

  • CVE-2018-3874CriSep 21, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an…

  • CVE-2018-3873CriSep 21, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an…

  • CVE-2018-3875CriSep 10, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer…

  • CVE-2018-3904CriAug 27, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a…

  • CVE-2018-3880CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.01

    An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its…

  • CVE-2018-3919CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.01

    An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips"…

  • CVE-2018-3917CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.01

    On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this…

  • CVE-2018-3905CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.01

    An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON…

  • CVE-2018-3902CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON…

  • CVE-2018-3878CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.02

    Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload,…

  • CVE-2018-3863CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.02

    On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A…

  • CVE-2018-3894HigSep 21, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can…

  • CVE-2018-3876HigSep 21, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an…

  • CVE-2018-3865HigSep 20, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an…

  • CVE-2018-3864HigSep 20, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an…

  • CVE-2018-3897HigSep 10, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a…

  • CVE-2018-3896HigSep 10, 2018
    risk 0.57cvss 8.8epss 0.02

    An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a…

Page 1 of 2