Vulnerabilities > Samsung > STH ETH 250 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-28 CVE-2018-3908 HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17.
network
low complexity
samsung CWE-444
7.5
7.5
2018-08-28 CVE-2018-3895 Classic Buffer Overflow vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17.
network
low complexity
samsung CWE-120
8.8
8.8
2018-08-27 CVE-2018-3918 Improper Enforcement of Message or Data Structure vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-707
7.5
7.5
2018-08-27 CVE-2018-3893 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-787
8.8
8.8
2018-08-24 CVE-2018-3909 HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-444
8.6
8.6
2018-08-23 CVE-2018-3911 HTTP Response Splitting vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17.
network
low complexity
samsung CWE-113
8.6
8.6
2018-08-23 CVE-2018-3912 Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack.
local
low complexity
samsung CWE-787
7.8
7.8
2018-08-23 CVE-2018-3879 SQL Injection vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17
An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17.
network
low complexity
samsung CWE-89
8.8
8.8