cnvd - cnvd-2018-17074

CNVD-2018-17074

Vulnerability from cnvd - Published: 2018-08-31

Title

Samsung SmartThings Hub栈缓冲区溢出漏洞

Description

Samsung SmartThings Hub是韩国三星（Samsung）公司的一款智能家居管理设备。video-core HTTP server是其中的一个HTTP服务器。使用0.20.17版本固件的Samsung SmartThings Hub STH-ETH-250中的video-core HTTP服务器的database字段检索存在栈缓冲区溢出漏洞。攻击者可通过发送HTTP请求利用该漏洞执行任意代码。

Severity

高

Patch Name

Samsung SmartThings Hub栈缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://www.smartthings.com/products/smartthings-hub

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-3916

Impacted products

Name
Samsung Samsung SmartThings Hub STH-ETH-250 0.20.17

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3916"
    }
  },
  "description": "Samsung SmartThings Hub\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u5bb6\u5c45\u7ba1\u7406\u8bbe\u5907\u3002video-core HTTP server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\u670d\u52a1\u5668\u3002\r\n\r\n\u4f7f\u75280.20.17\u7248\u672c\u56fa\u4ef6\u7684Samsung SmartThings Hub STH-ETH-250\u4e2d\u7684video-core HTTP\u670d\u52a1\u5668\u7684database\u5b57\u6bb5\u68c0\u7d22\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.smartthings.com/products/smartthings-hub",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17074",
  "openTime": "2018-08-31",
  "patchDescription": "Samsung SmartThings Hub\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u5bb6\u5c45\u7ba1\u7406\u8bbe\u5907\u3002video-core HTTP server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\u670d\u52a1\u5668\u3002\r\n\r\n\u4f7f\u75280.20.17\u7248\u672c\u56fa\u4ef6\u7684Samsung SmartThings Hub STH-ETH-250\u4e2d\u7684video-core HTTP\u670d\u52a1\u5668\u7684database\u5b57\u6bb5\u68c0\u7d22\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Samsung SmartThings Hub\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Samsung Samsung SmartThings Hub STH-ETH-250 0.20.17"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-3916",
  "serverity": "\u9ad8",
  "submitTime": "2018-08-29",
  "title": "Samsung SmartThings Hub\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2018-3916 (GCVE-0-2018-3916)

Vulnerability from cvelistv5 – Published: 2018-08-28 20:00 – Updated: 2024-09-16 18:44

Summary

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

Buffer Overflow

Assigner

talos

References

URL

Tags

https://talosintelligence.com/vulnerability_repor…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Samsung	Samsung	Affected: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:57:24.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung",
          "vendor": "Samsung",
          "versions": [
            {
              "status": "affected",
              "version": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
            }
          ]
        }
      ],
      "datePublic": "2018-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long \u0027directory\u0027 value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:05:59",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2018-07-26T00:00:00",
          "ID": "CVE-2018-3916",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long \u0027directory\u0027 value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.5,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2018-3916",
    "datePublished": "2018-08-28T20:00:00Z",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-09-16T18:44:01.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-17074

CVE-2018-3916 (GCVE-0-2018-3916)

Tags

Sightings

Nomenclature