First published: Fri Sep 21 2018(Updated: )
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Samsung Sth-eth-250 Firmware | =0.20.17 | |
Samsung Sth-eth-250 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.