CVE-2018-3926

Exploit

EPSS 0.16%
Published 28.08.2018 17:29:02
Last modified 21.11.2024 04:06:18
Source talos-cna@cisco.com
Teams watchlist Login
Open Login

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Sth-eth-250 Firmware Version0.20.17

Samsung ≫ Sth-eth-250 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.383

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C
talos-cna@cisco.com	5.3	0.8	4	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

http://www.securityfocus.com/bid/105162

Third Party Advisory

Broken Link

VDB Entry

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-3926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-3926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-3926

EUVD