An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0548 Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2018-07-26T00:00:00

Updated: 2022-04-19T18:04:53

Reserved: 2018-01-02T00:00:00


Link: CVE-2018-3865

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-09-20T15:29:00.757

Modified: 2023-04-26T18:56:43.027


Link: CVE-2018-3865

JSON object: View

cve-icon Redhat Information

No data.

CWE