Vulnerabilities > Samsung > STH ETH 250 Firmware > 0.20.17

DATE CVE VULNERABILITY TITLE RISK
2018-09-20 CVE-2018-3864 Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-120
8.8
8.8
2018-09-10 CVE-2018-3875 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.
network
low complexity
samsung CWE-119
critical
 9.9
9.9
2018-09-10 CVE-2018-3897 Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17.
network
low complexity
samsung CWE-120
8.8
8.8
2018-09-10 CVE-2018-3896 Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17.
network
low complexity
samsung CWE-120
8.8
8.8
2018-08-28 CVE-2018-3916 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
local
low complexity
samsung CWE-787
7.8
7.8
2018-08-28 CVE-2018-3908 HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.
network
low complexity
samsung CWE-444
7.5
7.5
2018-08-28 CVE-2018-3895 Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17.
network
low complexity
samsung CWE-120
8.8
8.8
2018-08-28 CVE-2018-3926 Integer Underflow (Wrap or Wraparound) vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
local
low complexity
samsung CWE-191
5.5
5.5
2018-08-27 CVE-2018-3927 Improper Certificate Validation vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
samsung CWE-295
4.3
4.3
2018-08-27 CVE-2018-3918 Improper Enforcement of Message or Data Structure vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-707
7.5
7.5