Vulnerability-Lookup

CVE-2018-3909 (GCVE-0-2018-3909)

Vulnerability from cvelistv5 – Published: 2018-08-24 00:00 – Updated: 2024-09-17 02:10

Summary

Severity ?

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE

HTTP Request Smuggling

Assigner

talos

References

URL

Tags

https://talosintelligence.com/vulnerability_repor…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Talos	Samsung	Affected: Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:57:24.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung",
          "vendor": "Talos",
          "versions": [
            {
              "status": "affected",
              "version": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
            }
          ]
        }
      ],
      "datePublic": "2018-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP Request Smuggling",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:05:51",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2018-07-26T00:00:00",
          "ID": "CVE-2018-3909",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Talos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP Request Smuggling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2018-3909",
    "datePublished": "2018-08-24T00:00:00Z",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-09-17T02:10:41.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69ED63CA-72C3-4337-B1ED-1696DB316B0F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B42493E-7140-4A19-B94A-2F6262D0BCDA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad explotable en el analizador REST del servidor HTTP de video-core de Samsung SmartThings Hub STH-ETH-250 en su versi\\u00f3n de firmware 0.20.17. El proceso video-core maneja incorrectamente las peticiones HTTP tuneladas, lo que permite que las peticiones sucesivas sobrescriban el m\\u00e9todo HTTP analizado anteriormente, \u0027onmessagecomplete\\\" callback. Un atacante puede enviar una petici\\u00f3n HTTP para provocar esta vulnerabilidad.\"}]",
      "id": "CVE-2018-3909",
      "lastModified": "2024-11-21T04:06:16.850",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}], \"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-08-24T00:29:00.317",
      "references": "[{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-444\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-3909\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2018-08-24T00:29:00.317\",\"lastModified\":\"2024-11-21T04:06:16.850\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad explotable en el analizador REST del servidor HTTP de video-core de Samsung SmartThings Hub STH-ETH-250 en su versi\u00f3n de firmware 0.20.17. El proceso video-core maneja incorrectamente las peticiones HTTP tuneladas, lo que permite que las peticiones sucesivas sobrescriban el m\u00e9todo HTTP analizado anteriormente, \u0027onmessagecomplete\\\" callback. Un atacante puede enviar una petici\u00f3n HTTP para provocar esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69ED63CA-72C3-4337-B1ED-1696DB316B0F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B42493E-7140-4A19-B94A-2F6262D0BCDA\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-3909

Vulnerability from fkie_nvd - Published: 2018-08-24 00:29 - Updated: 2024-11-21 04:06

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Summary

References

	URL	Tags
	talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	samsung	sth-eth-250_firmware	0.20.17
	samsung	sth-eth-250	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "69ED63CA-72C3-4337-B1ED-1696DB316B0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B42493E-7140-4A19-B94A-2F6262D0BCDA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad explotable en el analizador REST del servidor HTTP de video-core de Samsung SmartThings Hub STH-ETH-250 en su versi\u00f3n de firmware 0.20.17. El proceso video-core maneja incorrectamente las peticiones HTTP tuneladas, lo que permite que las peticiones sucesivas sobrescriban el m\u00e9todo HTTP analizado anteriormente, \u0027onmessagecomplete\" callback. Un atacante puede enviar una petici\u00f3n HTTP para provocar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2018-3909",
  "lastModified": "2024-11-21T04:06:16.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-24T00:29:00.317",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-3909

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-3909

Aliases

CVE-2018-3909

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-3909",
    "description": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability.",
    "id": "GSD-2018-3909"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-3909"
      ],
      "details": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability.",
      "id": "GSD-2018-3909",
      "modified": "2023-12-13T01:22:43.505175Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "DATE_PUBLIC": "2018-07-26T00:00:00",
        "ID": "CVE-2018-3909",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Samsung",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Talos"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 9.1,
          "baseSeverity": "Critical",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "HTTP Request Smuggling"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2018-3909"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-444"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2023-02-04T01:25Z",
      "publishedDate": "2018-08-24T00:29Z"
    }
  }
}

CNVD-2018-14281

Vulnerability from cnvd - Published: 2018-07-31

Title

Samsung SmartThings Hub video-core HTTP服务器缓冲区溢出漏洞（CNVD-2018-14281）

Description

Samsung SmartThings Hub是韩国三星（Samsung）公司的一款智能家居管理设备。video-core HTTP server是其中的一个HTTP服务器。 Samsung SmartThings Hub中的video-core HTTP服务器的REST解析器存在安全漏洞，该漏洞源于程序未能正确的处理用管线传输的请求。攻击者通过发送HTTP请求利用该漏洞覆盖之前解析的HTTP方法。

Severity

高

Patch Name

Samsung SmartThings Hub video-core HTTP服务器缓冲区溢出漏洞（CNVD-2018-14281）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.samsung.com/us/smart-home/smartthings/

Reference

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0577

Impacted products

Name
Samsung SmartThings Hub

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3909"
    }
  },
  "description": "Samsung SmartThings Hub\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u5bb6\u5c45\u7ba1\u7406\u8bbe\u5907\u3002video-core HTTP server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\u670d\u52a1\u5668\u3002\r\n\r\nSamsung SmartThings Hub\u4e2d\u7684video-core HTTP\u670d\u52a1\u5668\u7684REST\u89e3\u6790\u5668\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u7528\u7ba1\u7ebf\u4f20\u8f93\u7684\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u901a\u8fc7\u53d1\u9001HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u4e4b\u524d\u89e3\u6790\u7684HTTP\u65b9\u6cd5\u3002",
  "discovererName": "Claudio Bozzato of Cisco Talos",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.samsung.com/us/smart-home/smartthings/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14281",
  "openTime": "2018-07-31",
  "patchDescription": "Samsung SmartThings Hub\u662f\u97e9\u56fd\u4e09\u661f\uff08Samsung\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u667a\u80fd\u5bb6\u5c45\u7ba1\u7406\u8bbe\u5907\u3002video-core HTTP server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\u670d\u52a1\u5668\u3002\r\n\r\nSamsung SmartThings Hub\u4e2d\u7684video-core HTTP\u670d\u52a1\u5668\u7684REST\u89e3\u6790\u5668\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u7528\u7ba1\u7ebf\u4f20\u8f93\u7684\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u901a\u8fc7\u53d1\u9001HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u4e4b\u524d\u89e3\u6790\u7684HTTP\u65b9\u6cd5\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Samsung SmartThings Hub video-core HTTP\u670d\u52a1\u5668\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2018-14281\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Samsung SmartThings Hub"
  },
  "referenceLink": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0577",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-31",
  "title": "Samsung SmartThings Hub video-core HTTP\u670d\u52a1\u5668\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2018-14281\uff09"
}

GHSA-59HG-JXH2-2QG8

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01

Details

Severity ?

8.6 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-3909"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-24T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability.",
  "id": "GHSA-59hg-jxh2-2qg8",
  "modified": "2022-05-13T01:01:58Z",
  "published": "2022-05-13T01:01:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3909"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201808-0924

Vulnerability from variot - Updated: 2023-12-18 12:43

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers. A security vulnerability exists in the REST resolver for the video-coreHTTP server in SamsungSmartThingsHub, which stems from a program failing to properly handle requests that are transmitted in a pipeline

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0924",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sth-eth-250",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "samsung",
        "version": "0.20.17"
      },
      {
        "model": "smartthings hub sth-eth-250",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "samsung",
        "version": "0.20.17"
      },
      {
        "model": "smartthings hub",
        "scope": null,
        "trust": 0.6,
        "vendor": "samsung",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovered by Claudio Bozzato of Cisco Talos",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-3909",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-3909",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-14281",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-133940",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 4.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 8.6,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-3909",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-3909",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2018-3909",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-14281",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1952",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-133940",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable vulnerability exists in the REST parser of video-core\u0027s HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, \u0027onmessagecomplete\u0027 callback. An attacker can send an HTTP request to trigger this vulnerability. SamsungSmartThingsHub is a smart home management device from South Korea\u0027s Samsung. video-coreHTTPserver is one of the HTTP servers. A security vulnerability exists in the REST resolver for the video-coreHTTP server in SamsungSmartThingsHub, which stems from a program failing to properly handle requests that are transmitted in a pipeline",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133940"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-3909",
        "trust": 3.1
      },
      {
        "db": "TALOS",
        "id": "TALOS-2018-0577",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-133940",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ]
  },
  "id": "VAR-201808-0924",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133940"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:43:52.899000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SmartThings Hub",
        "trust": 0.8,
        "url": "https://www.smartthings.com/products/smartthings-hub"
      },
      {
        "title": "Patch for SamsungSmartThingsHubvideo-coreHTTP Server Buffer Overflow Vulnerability (CNVD-2018-14281)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/135941"
      },
      {
        "title": "Samsung SmartThings Hub video-core HTTP Server Buffer Error Vulnerability Fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82691"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-444",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-133940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0577"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3909"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3909"
      },
      {
        "trust": 0.6,
        "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2018-0577"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "db": "VULHUB",
        "id": "VHN-133940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "date": "2018-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-133940"
      },
      {
        "date": "2018-11-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "date": "2018-08-24T00:29:00.317000",
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "date": "2018-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-14281"
      },
      {
        "date": "2023-02-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-133940"
      },
      {
        "date": "2018-11-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      },
      {
        "date": "2023-02-04T01:25:51.220000",
        "db": "NVD",
        "id": "CVE-2018-3909"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Samsung SmartThings Hub STH-ETH-250 In firmware  HTTP Request smuggling vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009306"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "environmental issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1952"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-3909 (GCVE-0-2018-3909)

FKIE_CVE-2018-3909

GSD-2018-3909

CNVD-2018-14281

GHSA-59HG-JXH2-2QG8

VAR-201808-0924

Tags

Sightings

Nomenclature