CVE-2018-3880

Опубликовано: 23 авг. 2018

Источник: nvd

CVSS3: 8.2

CVSS3: 9.9

CVSS2: 9

EPSS Низкий

Описание

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0557
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*

cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00201

Низкий

8.2 High

CVSS3

9.9 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-8f53-7gp7-39vp

CVSS3: 9.9

github

больше 3 лет назад

EPSS

Процентиль: 42%

0.00201

Низкий

8.2 High

CVSS3

9.9 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-787