Sign-up

ID

VAR-201808-0903


CVE

CVE-2018-3926


TITLE

Samsung SmartThings Hub STH-ETH-250 Firmware integer underflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010021

DESCRIPTION

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. Samsung SmartThings Hub is prone to a denial-of-service vulnerability. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Samsung SmartThings Hub STH-ETH-250 0.20.17 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2018-3926 // JVNDB: JVNDB-2018-010021 // CNVD: CNVD-2018-17085 // BID: 105162 // VULHUB: VHN-133957

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-17085

AFFECTED PRODUCTS

vendor:samsungmodel:sth-eth-250scope:eqversion:0.20.17

Trust: 1.6

vendor:samsungmodel:smartthings hub sth-eth-250scope:eqversion:0.20.17

Trust: 1.1

vendor:samsungmodel:smartthings hubscope: - version: -

Trust: 0.6

vendor:samsungmodel:smartthings hub sth-eth-250-scope:eqversion:0.20.17

Trust: 0.6

sources: CNVD: CNVD-2018-17085 // BID: 105162 // JVNDB: JVNDB-2018-010021 // CNNVD: CNNVD-201807-1957 // NVD: CVE-2018-3926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3926
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3926
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3926
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-17085
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-1957
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133957
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3926
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-17085
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-133957
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3926
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3926
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2018-3926
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-17085 // VULHUB: VHN-133957 // JVNDB: JVNDB-2018-010021 // CNNVD: CNNVD-201807-1957 // NVD: CVE-2018-3926 // NVD: CVE-2018-3926

PROBLEMTYPE DATA

problemtype:CWE-191

Trust: 1.9

sources: VULHUB: VHN-133957 // JVNDB: JVNDB-2018-010021 // NVD: CVE-2018-3926

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1957

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201807-1957

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010021

PATCH
title:SmartThings Huburl:https://www.smartthings.com/products/smartthings-hub
Trust: 0.8
title:SamsungSmartThingsHub Patch for Integer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/139091
Trust: 0.6
title:Samsung SmartThings Hub Fixes for digital error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82696
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-17085 // 
            
            
            
            JVNDB: JVNDB-2018-010021 // 
            
            
            
            CNNVD: CNNVD-201807-1957

EXTERNAL IDS
db:TALOSid:TALOS-2018-0593
Trust: 3.4
db:NVDid:CVE-2018-3926
Trust: 3.4
db:BIDid:105162
Trust: 2.0
db:JVNDBid:JVNDB-2018-010021
Trust: 0.8
db:CNNVDid:CNNVD-201807-1957
Trust: 0.7
db:CNVDid:CNVD-2018-17085
Trust: 0.6
db:SEEBUGid:SSVID-97445
Trust: 0.1
db:VULHUBid:VHN-133957
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-17085 // 
            
            
            
            VULHUB: VHN-133957 // 
            
            
            
            BID: 105162 // 
            
            
            
            JVNDB: JVNDB-2018-010021 // 
            
            
            
            CNNVD: CNNVD-201807-1957 // 
            
            
            
            NVD: CVE-2018-3926

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0593
Trust: 2.8
url:http://www.securityfocus.com/bid/105162
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3926
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3926
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0593
Trust: 0.6
url:http://www.samsung.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-17085 // 
            
            
            
            VULHUB: VHN-133957 // 
            
            
            
            BID: 105162 // 
            
            
            
            JVNDB: JVNDB-2018-010021 // 
            
            
            
            CNNVD: CNNVD-201807-1957 // 
            
            
            
            NVD: CVE-2018-3926

CREDITS
Discovered by Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201807-1957

SOURCES
db:CNVDid:CNVD-2018-17085
db:VULHUBid:VHN-133957
db:BIDid:105162
db:JVNDBid:JVNDB-2018-010021
db:CNNVDid:CNNVD-201807-1957
db:NVDid:CVE-2018-3926

LAST UPDATE DATE
2024-11-23T23:08:36.172000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-17085date:2018-08-31T00:00:00
db:VULHUBid:VHN-133957date:2023-03-04T00:00:00
db:BIDid:105162date:2018-08-26T00:00:00
db:JVNDBid:JVNDB-2018-010021date:2018-12-04T00:00:00
db:CNNVDid:CNNVD-201807-1957date:2022-04-20T00:00:00
db:NVDid:CVE-2018-3926date:2024-11-21T04:06:18.990

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-17085date:2018-08-31T00:00:00
db:VULHUBid:VHN-133957date:2018-08-28T00:00:00
db:BIDid:105162date:2018-08-26T00:00:00
db:JVNDBid:JVNDB-2018-010021date:2018-12-04T00:00:00
db:CNNVDid:CNNVD-201807-1957date:2018-07-30T00:00:00
db:NVDid:CVE-2018-3926date:2018-08-28T17:29:02.063