CVE-2018-3926 - Vulnerability Details - OpenCVE

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Samsung	Sth-eth-250 Sth-eth-250 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*

cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105162
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2018-08-28T17:00:00Z

Updated: 2024-09-17T00:46:06.691Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-3926

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-28T17:29:02.063

Modified: 2024-11-21T04:06:18.990

Link: CVE-2018-3926

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Samsung", "vendor": "Talos", "versions": [{"status": "affected", "version": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"}]}], "datePublic": "2018-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Integer Underflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T18:06:12", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "105162", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105162"}, {"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2018-07-26T00:00:00", "ID": "CVE-2018-3926", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Samsung", "version": {"version_data": [{"version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"}]}}]}, "vendor_name": "Talos"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 5.3, "baseSeverity": "Medium", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Integer Underflow"}]}]}, "references": {"reference_data": [{"name": "105162", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105162"}, {"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:57:24.392Z"}, "title": "CVE Program Container", "references": [{"name": "105162", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105162"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2018-3926", "datePublished": "2018-08-28T17:00:00Z", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-09-17T00:46:06.691Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:sth-eth-250_firmware:0.20.17:*:*:*:*:*:*:*", "matchCriteriaId": "69ED63CA-72C3-4337-B1ED-1696DB316B0F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:sth-eth-250:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B42493E-7140-4A19-B94A-2F6262D0BCDA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable de subdesbordamiento de enteros en la rutina de actualizaci\u00f3n de firmware ZigBee ,del binario hubCore, de Samsung SmartThings Hub STH-ETH-250, con firmware en versi\u00f3n 0.20.17. El proceso hubCore maneja incorrectamente los archivos mal formados que existen en su directorio de datos, lo que conduce a un bucle infinito que, finalmente, har\u00e1 que el proceso se cierre inesperadamente. Un atacante puede enviar una petici\u00f3n HTTP manipulada para desencadenar esta vulnerabilidad."}], "id": "CVE-2018-3926", "lastModified": "2024-11-21T04:06:18.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-28T17:29:02.063", "references": [{"source": "talos-cna@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105162"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105162"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0593"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}]}