CVE-2018-3909
First published: Fri Aug 24 2018(Updated: )
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung STH-ETH-250 | =0.20.17 | |
| Samsung STH-ETH-250 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-3909?
CVE-2018-3909 is rated as high severity due to the risk of exploitation through HTTP request manipulation.
How do I fix CVE-2018-3909?
To fix CVE-2018-3909, update the Samsung SmartThings Hub to a firmware version higher than 0.20.17.
What systems are affected by CVE-2018-3909?
CVE-2018-3909 affects the Samsung SmartThings Hub model STH-ETH-250 running firmware version 0.20.17.
What type of vulnerability is CVE-2018-3909?
CVE-2018-3909 is a REST parser vulnerability in the video-core HTTP server that can lead to improper request handling.
Can CVE-2018-3909 be exploited remotely?
Yes, CVE-2018-3909 can be exploited remotely through crafted HTTP requests sent to the vulnerable SmartThings Hub.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samsung
- canonical/samsung sth-eth-250
- version/samsung sth-eth-250/0.20.17
- canonical/samsung sth-eth-250 firmware