CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-3880

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile38.15th
Published2018年8月23日
Last Modified2024年11月21日

Vulnerability Description

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Affected Platforms (CPE)

💻
Samsung

Sth Eth 250 Firmware

= 0.20.17

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557

相关漏洞威胁

CVE-2018-390710.0

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Fi...

CVE-2018-38789.9

Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung Smart...

CVE-2018-38679.9

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP ...

CVE-2018-38639.9

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields f...

CVE-2018-3880 Detail & Impact Analysis | CVSS 9.9 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space