Sign-up

ID

VAR-201808-0896


CVE

CVE-2018-3918


TITLE

Samsung SmartThings Hub STH-ETH-250 - Firmware Vulnerable to improper enforcement of messages or data structures

Trust: 0.8

sources: JVNDB: JVNDB-2018-010072

DESCRIPTION

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. The camera ID of the 'sync' operation

Trust: 2.25

sources: NVD: CVE-2018-3918 // JVNDB: JVNDB-2018-010072 // CNVD: CNVD-2018-17084 // VULHUB: VHN-133949

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-17084

AFFECTED PRODUCTS

vendor:samsungmodel:sth-eth-250scope:eqversion:0.20.17

Trust: 1.6

vendor:samsungmodel:smartthings hub sth-eth-250scope:eqversion:0.20.17

Trust: 0.8

vendor:samsungmodel:smartthings hubscope:eqversion:0.20.17

Trust: 0.6

vendor:samsungmodel:smartthings hub sth-eth-250-scope:eqversion:0.20.17

Trust: 0.6

sources: CNVD: CNVD-2018-17084 // JVNDB: JVNDB-2018-010072 // CNNVD: CNNVD-201807-1956 // NVD: CVE-2018-3918

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3918
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3918
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3918
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-17084
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-1956
value: HIGH

Trust: 0.6

VULHUB: VHN-133949
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3918
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-17084
severity: MEDIUM
baseScore: 6.1
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-133949
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3918
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3918
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.2
version: 3.0

Trust: 1.0

NVD: CVE-2018-3918
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-17084 // VULHUB: VHN-133949 // JVNDB: JVNDB-2018-010072 // CNNVD: CNNVD-201807-1956 // NVD: CVE-2018-3918 // NVD: CVE-2018-3918

PROBLEMTYPE DATA

problemtype:CWE-707

Trust: 1.9

problemtype:CWE-264

Trust: 0.1

sources: VULHUB: VHN-133949 // JVNDB: JVNDB-2018-010072 // NVD: CVE-2018-3918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1956

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201807-1956

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010072

PATCH
title:SmartThings Huburl:https://www.smartthings.com/products/smartthings-hub
Trust: 0.8
title:SamsungSmartThingsHub denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/139087
Trust: 0.6
title:Samsung SmartThings Hub Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82695
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-17084 // 
            
            
            
            JVNDB: JVNDB-2018-010072 // 
            
            
            
            CNNVD: CNNVD-201807-1956

EXTERNAL IDS
db:TALOSid:TALOS-2018-0582
Trust: 3.1
db:NVDid:CVE-2018-3918
Trust: 3.1
db:JVNDBid:JVNDB-2018-010072
Trust: 0.8
db:CNNVDid:CNNVD-201807-1956
Trust: 0.7
db:CNVDid:CNVD-2018-17084
Trust: 0.6
db:SEEBUGid:SSVID-97454
Trust: 0.1
db:VULHUBid:VHN-133949
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-17084 // 
            
            
            
            VULHUB: VHN-133949 // 
            
            
            
            JVNDB: JVNDB-2018-010072 // 
            
            
            
            CNNVD: CNNVD-201807-1956 // 
            
            
            
            NVD: CVE-2018-3918

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0582
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3918
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3918
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0582
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-17084 // 
            
            
            
            VULHUB: VHN-133949 // 
            
            
            
            JVNDB: JVNDB-2018-010072 // 
            
            
            
            CNNVD: CNNVD-201807-1956 // 
            
            
            
            NVD: CVE-2018-3918

CREDITS
Discovered by Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201807-1956

SOURCES
db:CNVDid:CNVD-2018-17084
db:VULHUBid:VHN-133949
db:JVNDBid:JVNDB-2018-010072
db:CNNVDid:CNNVD-201807-1956
db:NVDid:CVE-2018-3918

LAST UPDATE DATE
2024-11-23T22:12:21.878000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-17084date:2018-08-31T00:00:00
db:VULHUBid:VHN-133949date:2018-11-09T00:00:00
db:JVNDBid:JVNDB-2018-010072date:2018-12-05T00:00:00
db:CNNVDid:CNNVD-201807-1956date:2022-04-20T00:00:00
db:NVDid:CVE-2018-3918date:2024-11-21T04:06:17.990

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-17084date:2018-08-30T00:00:00
db:VULHUBid:VHN-133949date:2018-08-27T00:00:00
db:JVNDBid:JVNDB-2018-010072date:2018-12-05T00:00:00
db:CNNVDid:CNNVD-201807-1956date:2018-07-30T00:00:00
db:NVDid:CVE-2018-3918date:2018-08-27T15:29:01.137