CVE-2018-3927: Buffer Overflow
First published: Thu Jul 26 2018(Updated: )
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung STH-ETH-250 | =0.20.17 | |
| Samsung STH-ETH-250 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-3927?
CVE-2018-3927 is categorized as an information disclosure vulnerability.
How do I fix CVE-2018-3927?
There are no official patches available for CVE-2018-3927; consider upgrading to a more secure firmware version if available.
What devices are affected by CVE-2018-3927?
CVE-2018-3927 affects the Samsung SmartThings Hub STH-ETH-250 running firmware version 0.20.17.
What can an attacker do with CVE-2018-3927?
An attacker can exploit CVE-2018-3927 to gain access to sensitive information through minidumps sent over an insecure connection.
When was CVE-2018-3927 disclosed?
CVE-2018-3927 was disclosed in 2018.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samsung
- canonical/samsung sth-eth-250
- version/samsung sth-eth-250/0.20.17
- canonical/samsung sth-eth-250 firmware