Vulnerabilities > Samsung > STH ETH 250 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-08-23 CVE-2018-3863 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack.
network
low complexity
samsung CWE-787
critical
9.9
2018-08-23 CVE-2018-3867 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-787
critical
9.9
2018-08-23 CVE-2018-3878 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-119
critical
9.9
2018-08-23 CVE-2018-3902 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-787
critical
9.9
2018-08-23 CVE-2018-3903 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack.
network
low complexity
samsung CWE-787
critical
9.9
2018-08-23 CVE-2018-3905 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-119
critical
9.9
2018-08-23 CVE-2018-3917 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack.
network
low complexity
samsung CWE-119
critical
9.9
2018-08-23 CVE-2018-3919 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-787
critical
9.9
2018-08-23 CVE-2018-3925 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-119
critical
9.9