CVE-2018-3918
First published: Mon Aug 27 2018(Updated: )
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung STH-ETH-250 | =0.20.17 | |
| Samsung STH-ETH-250 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-3918?
CVE-2018-3918 is a critical severity vulnerability that can allow unauthorized access to sensitive data.
How do I fix CVE-2018-3918?
To fix CVE-2018-3918, update the Samsung SmartThings Hub to the latest firmware version that patches this vulnerability.
What type of attack can be executed due to CVE-2018-3918?
CVE-2018-3918 can be exploited for unauthorized message relay to SmartThings' remote servers, potentially compromising user privacy.
Which devices are affected by CVE-2018-3918?
CVE-2018-3918 affects the Samsung SmartThings Hub STH-ETH-250 with firmware version 0.20.17.
Is CVE-2018-3918 remotely exploitable?
Yes, CVE-2018-3918 is remotely exploitable due to its presence in the hubCore process listening on a public-facing port.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samsung
- canonical/samsung sth-eth-250
- version/samsung sth-eth-250/0.20.17
- canonical/samsung sth-eth-250 firmware