CVE-2018-3926: Integer Underflow
First published: Tue Aug 28 2018(Updated: )
An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Sth-eth-250 Firmware | =0.20.17 | |
| Samsung Sth-eth-250 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/samsung
- canonical/samsung sth-eth-250 firmware
- version/samsung sth-eth-250 firmware/0.20.17
- canonical/samsung sth-eth-250