CVE-2018-3907

Опубликовано: 24 авг. 2018

Источник: nvd

CVSS3: 9.1

CVSS3: 10

CVSS2: 6.4

EPSS Низкий

Описание

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*

cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.0048

Низкий

9.1 Critical

CVSS3

10 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-444

Связанные уязвимости

GHSA-g2r7-8mg8-q272

CVSS3: 8.6

github

больше 3 лет назад

EPSS

Процентиль: 65%

0.0048

Низкий

9.1 Critical

CVSS3

10 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-444