CVE-2018-3926

Exploit

EPSS 0.16%
Veröffentlicht 28.08.2018 17:29:02
Zuletzt bearbeitet 21.11.2024 04:06:18
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samsung ≫ Sth-eth-250 Firmware Version0.20.17

Samsung ≫ Sth-eth-250 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.383

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C
talos-cna@cisco.com	5.3	0.8	4	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

http://www.securityfocus.com/bid/105162

Third Party Advisory

Broken Link

VDB Entry

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-3926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-3926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-3926

EUVD