Sign-up

ID

VAR-201808-0925


CVE

CVE-2018-3911


TITLE

Samsung SmartThings Hub STH-ETH-250 In firmware HTTP Response splitting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009458

DESCRIPTION

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. The vulnerability stems from a program failing to properly process JSON messages

Trust: 2.25

sources: NVD: CVE-2018-3911 // JVNDB: JVNDB-2018-009458 // CNVD: CNVD-2018-17081 // VULHUB: VHN-133942

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-17081

AFFECTED PRODUCTS

vendor:samsungmodel:sth-eth-250scope:eqversion:0.20.17

Trust: 1.6

vendor:samsungmodel:smartthings hub sth-eth-250scope:eqversion:0.20.17

Trust: 0.8

vendor:samsungmodel:smartthings hubscope:eqversion:0.20.17

Trust: 0.6

sources: CNVD: CNVD-2018-17081 // JVNDB: JVNDB-2018-009458 // CNNVD: CNNVD-201807-1953 // NVD: CVE-2018-3911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3911
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3911
value: HIGH

Trust: 1.0

NVD: CVE-2018-3911
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-17081
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-1953
value: HIGH

Trust: 0.6

VULHUB: VHN-133942
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3911
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-17081
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-133942
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2018-3911
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2018-3911
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2018-17081 // VULHUB: VHN-133942 // JVNDB: JVNDB-2018-009458 // CNNVD: CNNVD-201807-1953 // NVD: CVE-2018-3911 // NVD: CVE-2018-3911

PROBLEMTYPE DATA

problemtype:CWE-113

Trust: 1.9

sources: VULHUB: VHN-133942 // JVNDB: JVNDB-2018-009458 // NVD: CVE-2018-3911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1953

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-1953

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009458

PATCH
title:SmartThings Huburl:https://www.smartthings.com/products/smartthings-hub
Trust: 0.8
title:SamsungSmartThingsHubHTTP response split vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/139071
Trust: 0.6
title:Samsung SmartThings Hub Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82692
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-17081 // 
            
            
            
            JVNDB: JVNDB-2018-009458 // 
            
            
            
            CNNVD: CNNVD-201807-1953

EXTERNAL IDS
db:NVDid:CVE-2018-3911
Trust: 3.1
db:TALOSid:TALOS-2018-0578
Trust: 3.1
db:JVNDBid:JVNDB-2018-009458
Trust: 0.8
db:CNNVDid:CNNVD-201807-1953
Trust: 0.7
db:CNVDid:CNVD-2018-17081
Trust: 0.6
db:SEEBUGid:SSVID-97449
Trust: 0.1
db:VULHUBid:VHN-133942
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-17081 // 
            
            
            
            VULHUB: VHN-133942 // 
            
            
            
            JVNDB: JVNDB-2018-009458 // 
            
            
            
            CNNVD: CNNVD-201807-1953 // 
            
            
            
            NVD: CVE-2018-3911

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0578
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3911
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3911
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0578
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-17081 // 
            
            
            
            VULHUB: VHN-133942 // 
            
            
            
            JVNDB: JVNDB-2018-009458 // 
            
            
            
            CNNVD: CNNVD-201807-1953 // 
            
            
            
            NVD: CVE-2018-3911

CREDITS
Discovered by Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201807-1953

SOURCES
db:CNVDid:CNVD-2018-17081
db:VULHUBid:VHN-133942
db:JVNDBid:JVNDB-2018-009458
db:CNNVDid:CNNVD-201807-1953
db:NVDid:CVE-2018-3911

LAST UPDATE DATE
2024-11-23T22:34:08.080000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-17081date:2018-08-31T00:00:00
db:VULHUBid:VHN-133942date:2023-02-04T00:00:00
db:JVNDBid:JVNDB-2018-009458date:2018-11-20T00:00:00
db:CNNVDid:CNNVD-201807-1953date:2022-04-20T00:00:00
db:NVDid:CVE-2018-3911date:2024-11-21T04:06:17.127

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-17081date:2018-08-31T00:00:00
db:VULHUBid:VHN-133942date:2018-08-23T00:00:00
db:JVNDBid:JVNDB-2018-009458date:2018-11-20T00:00:00
db:CNNVDid:CNNVD-201807-1953date:2018-07-30T00:00:00
db:NVDid:CVE-2018-3911date:2018-08-23T22:29:00.680