CVE-2018-3918

Published: Aug 27, 2018

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.0

6.5

MEDIUM

Description

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.

Vendor	Product	Versions
Samsung	Samsung	affected `Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17`

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0582

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-3918

Description

Affected Products

CVSS v3.0 Details

References