Details of VAR-201808-0917

ID

VAR-201808-0917

CVE

CVE-2018-3895

TITLE

Samsung SmartThings Hub STH-ETH-250 Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010253

DESCRIPTION

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. Samsung SmartThings Hub STH-ETH-250 The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers

Trust: 2.34

sources: NVD: CVE-2018-3895 // JVNDB: JVNDB-2018-010253 // CNVD: CNVD-2018-17069 // VULHUB: VHN-133926 // VULMON: CVE-2018-3895

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['home & office device']	sub_category:	smart home device	Trust: 0.1
category:	['home & office device']	sub_category:	smart home controller	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-17069

AFFECTED PRODUCTS

vendor:	samsung	model:	sth-eth-250	scope:	eq	version:	0.20.17	Trust: 1.6
vendor:	samsung	model:	smartthings hub sth-eth-250	scope:	eq	version:	0.20.17	Trust: 1.4

sources: CNVD: CNVD-2018-17069 // JVNDB: JVNDB-2018-010253 // CNNVD: CNNVD-201808-868 // NVD: CVE-2018-3895

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-3895
value:	HIGH
Trust: 1.0
talos-cna@cisco.com:	CVE-2018-3895
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-3895
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-17069
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201808-868
value:	HIGH
Trust: 0.6
VULHUB:	VHN-133926
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-3895
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-3895
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-17069
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-133926
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-3895
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2018-3895
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2018-3895
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-17069 // VULHUB: VHN-133926 // VULMON: CVE-2018-3895 // JVNDB: JVNDB-2018-010253 // CNNVD: CNNVD-201808-868 // NVD: CVE-2018-3895 // NVD: CVE-2018-3895

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-133926 // JVNDB: JVNDB-2018-010253 // NVD: CVE-2018-3895

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-868

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201808-868

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010253

PATCH

title:	SmarThings Hub	url:	https://www.smartthings.com/products/smartthings-hub	Trust: 0.8
title:	Patch for SamsungSmartThingsHub Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/139003	Trust: 0.6
title:	Samsung SmartThings Hub STH-ETH-250 video-core HTTP Server Buffer Error Vulnerability Fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=84318	Trust: 0.6
title:	Awesome CVE PoC	url:	https://github.com/lnick2023/nicenice	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1

sources: CNVD: CNVD-2018-17069 // VULMON: CVE-2018-3895 // JVNDB: JVNDB-2018-010253 // CNNVD: CNNVD-201808-868

EXTERNAL IDS

db:	NVD	id:	CVE-2018-3895	Trust: 3.3
db:	TALOS	id:	TALOS-2018-0570	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-010253	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-868	Trust: 0.7
db:	CNVD	id:	CNVD-2018-17069	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-133926	Trust: 0.1
db:	VULMON	id:	CVE-2018-3895	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-17069 // VULHUB: VHN-133926 // VULMON: CVE-2018-3895 // JVNDB: JVNDB-2018-010253 // CNNVD: CNNVD-201808-868 // NVD: CVE-2018-3895

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-3895	Trust: 2.2
url:	https://talosintelligence.com/vulnerability_reports/talos-2018-0570	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3895	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/lnick2023/nicenice	Trust: 0.1
url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-17069 // VULHUB: VHN-133926 // VULMON: CVE-2018-3895 // JVNDB: JVNDB-2018-010253 // CNNVD: CNNVD-201808-868 // NVD: CVE-2018-3895

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2018-17069
db:	VULHUB	id:	VHN-133926
db:	VULMON	id:	CVE-2018-3895
db:	JVNDB	id:	JVNDB-2018-010253
db:	CNNVD	id:	CNNVD-201808-868
db:	NVD	id:	CVE-2018-3895

LAST UPDATE DATE

2025-01-30T21:21:33.046000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-17069	date:	2018-08-31T00:00:00
db:	VULHUB	id:	VHN-133926	date:	2022-12-02T00:00:00
db:	VULMON	id:	CVE-2018-3895	date:	2022-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-010253	date:	2018-12-10T00:00:00
db:	CNNVD	id:	CNNVD-201808-868	date:	2022-12-05T00:00:00
db:	NVD	id:	CVE-2018-3895	date:	2024-11-21T04:06:15.330

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-17069	date:	2018-08-31T00:00:00
db:	VULHUB	id:	VHN-133926	date:	2018-08-28T00:00:00
db:	VULMON	id:	CVE-2018-3895	date:	2018-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-010253	date:	2018-12-10T00:00:00
db:	CNNVD	id:	CNNVD-201808-868	date:	2018-08-29T00:00:00
db:	NVD	id:	CVE-2018-3895	date:	2018-08-28T19:29:19.113