Sign-up

ID

VAR-201808-0924


CVE

CVE-2018-3909


TITLE

Samsung SmartThings Hub STH-ETH-250 In firmware HTTP Request smuggling vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009306

DESCRIPTION

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability. SamsungSmartThingsHub is a smart home management device from South Korea's Samsung. video-coreHTTPserver is one of the HTTP servers. A security vulnerability exists in the REST resolver for the video-coreHTTP server in SamsungSmartThingsHub, which stems from a program failing to properly handle requests that are transmitted in a pipeline

Trust: 2.25

sources: NVD: CVE-2018-3909 // JVNDB: JVNDB-2018-009306 // CNVD: CNVD-2018-14281 // VULHUB: VHN-133940

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14281

AFFECTED PRODUCTS

vendor:samsungmodel:sth-eth-250scope:eqversion:0.20.17

Trust: 1.6

vendor:samsungmodel:smartthings hub sth-eth-250scope:eqversion:0.20.17

Trust: 0.8

vendor:samsungmodel:smartthings hubscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-14281 // JVNDB: JVNDB-2018-009306 // CNNVD: CNNVD-201807-1952 // NVD: CVE-2018-3909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3909
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3909
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-3909
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-14281
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-1952
value: HIGH

Trust: 0.6

VULHUB: VHN-133940
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3909
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-14281
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-133940
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3909
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3909
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: CVE-2018-3909
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-14281 // VULHUB: VHN-133940 // JVNDB: JVNDB-2018-009306 // CNNVD: CNNVD-201807-1952 // NVD: CVE-2018-3909 // NVD: CVE-2018-3909

PROBLEMTYPE DATA

problemtype:CWE-444

Trust: 1.9

sources: VULHUB: VHN-133940 // JVNDB: JVNDB-2018-009306 // NVD: CVE-2018-3909

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1952

TYPE

environmental issue

Trust: 0.6

sources: CNNVD: CNNVD-201807-1952

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009306

PATCH
title:SmartThings Huburl:https://www.smartthings.com/products/smartthings-hub
Trust: 0.8
title:Patch for SamsungSmartThingsHubvideo-coreHTTP Server Buffer Overflow Vulnerability (CNVD-2018-14281)url:https://www.cnvd.org.cn/patchInfo/show/135941
Trust: 0.6
title:Samsung SmartThings Hub video-core HTTP Server Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82691
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-14281 // 
            
            
            
            JVNDB: JVNDB-2018-009306 // 
            
            
            
            CNNVD: CNNVD-201807-1952

EXTERNAL IDS
db:NVDid:CVE-2018-3909
Trust: 3.1
db:TALOSid:TALOS-2018-0577
Trust: 3.1
db:JVNDBid:JVNDB-2018-009306
Trust: 0.8
db:CNNVDid:CNNVD-201807-1952
Trust: 0.7
db:CNVDid:CNVD-2018-14281
Trust: 0.6
db:VULHUBid:VHN-133940
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14281 // 
            
            
            
            VULHUB: VHN-133940 // 
            
            
            
            JVNDB: JVNDB-2018-009306 // 
            
            
            
            CNNVD: CNNVD-201807-1952 // 
            
            
            
            NVD: CVE-2018-3909

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0577
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3909
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3909
Trust: 0.8
url:https://www.talosintelligence.com/vulnerability_reports/talos-2018-0577
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-14281 // 
            
            
            
            VULHUB: VHN-133940 // 
            
            
            
            JVNDB: JVNDB-2018-009306 // 
            
            
            
            CNNVD: CNNVD-201807-1952 // 
            
            
            
            NVD: CVE-2018-3909

CREDITS
Discovered by Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201807-1952

SOURCES
db:CNVDid:CNVD-2018-14281
db:VULHUBid:VHN-133940
db:JVNDBid:JVNDB-2018-009306
db:CNNVDid:CNNVD-201807-1952
db:NVDid:CVE-2018-3909

LAST UPDATE DATE
2024-11-23T21:52:51.155000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-14281date:2018-07-31T00:00:00
db:VULHUBid:VHN-133940date:2023-02-04T00:00:00
db:JVNDBid:JVNDB-2018-009306date:2018-11-14T00:00:00
db:CNNVDid:CNNVD-201807-1952date:2022-04-20T00:00:00
db:NVDid:CVE-2018-3909date:2024-11-21T04:06:16.850

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-14281date:2018-07-31T00:00:00
db:VULHUBid:VHN-133940date:2018-08-24T00:00:00
db:JVNDBid:JVNDB-2018-009306date:2018-11-14T00:00:00
db:CNNVDid:CNNVD-201807-1952date:2018-07-30T00:00:00
db:NVDid:CVE-2018-3909date:2018-08-24T00:29:00.317