cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-3906,https://securityvulnerability.io/vulnerability/CVE-2018-3906,,"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2018-09-21T15:29:00.000Z,0
CVE-2018-3915,https://securityvulnerability.io/vulnerability/CVE-2018-3915,,"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long ""bucket"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2018-09-21T15:29:00.000Z,0
CVE-2018-3894,https://securityvulnerability.io/vulnerability/CVE-2018-3894,,"An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long ""startTime"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T15:29:00.000Z,0
CVE-2018-3914,https://securityvulnerability.io/vulnerability/CVE-2018-3914,,"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long ""sessionToken"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2018-09-21T15:29:00.000Z,0
CVE-2018-3876,https://securityvulnerability.io/vulnerability/CVE-2018-3876,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long ""bucket"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T14:29:00.000Z,0
CVE-2018-3877,https://securityvulnerability.io/vulnerability/CVE-2018-3877,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long ""directory"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T14:29:00.000Z,0
CVE-2018-3873,https://securityvulnerability.io/vulnerability/CVE-2018-3873,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long ""secretKey"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T14:29:00.000Z,0
CVE-2018-3874,https://securityvulnerability.io/vulnerability/CVE-2018-3874,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long ""accessKey"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T14:29:00.000Z,0
CVE-2018-3864,https://securityvulnerability.io/vulnerability/CVE-2018-3864,,"An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long ""password"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-20T15:29:00.000Z,0
CVE-2018-3865,https://securityvulnerability.io/vulnerability/CVE-2018-3865,,"An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long ""cameraIp"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-20T15:29:00.000Z,0
CVE-2018-3875,https://securityvulnerability.io/vulnerability/CVE-2018-3875,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long ""sessionToken"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-10T19:29:00.000Z,0
CVE-2018-3896,https://securityvulnerability.io/vulnerability/CVE-2018-3896,,"An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long ""correlationId"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-10T15:29:00.000Z,0
CVE-2018-3897,https://securityvulnerability.io/vulnerability/CVE-2018-3897,,"An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long ""callbackUrl"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-10T15:29:00.000Z,0
CVE-2018-3912,https://securityvulnerability.io/vulnerability/CVE-2018-3912,,"On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the ""shard"" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long ""secretKey"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2018-08-23T18:29:00.000Z,0
CVE-2018-3878,https://securityvulnerability.io/vulnerability/CVE-2018-3878,,"Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long ""region"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.000750000006519258,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0
CVE-2018-3879,https://securityvulnerability.io/vulnerability/CVE-2018-3879,,"An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,8.8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0
CVE-2018-3867,https://securityvulnerability.io/vulnerability/CVE-2018-3867,,"An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0010499999625608325,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0
CVE-2018-3917,https://securityvulnerability.io/vulnerability/CVE-2018-3917,,"On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the ""shard"" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long ""region"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0
CVE-2018-3902,https://securityvulnerability.io/vulnerability/CVE-2018-3902,,"An exploitable buffer overflow vulnerability exists in the camera ""replace"" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0010499999625608325,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0
CVE-2018-3905,https://securityvulnerability.io/vulnerability/CVE-2018-3905,,"An exploitable buffer overflow vulnerability exists in the camera ""create"" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the ""state"" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,8.5,HIGH,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0
CVE-2018-3919,https://securityvulnerability.io/vulnerability/CVE-2018-3919,,"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the ""clips"" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0
CVE-2018-3925,https://securityvulnerability.io/vulnerability/CVE-2018-3925,,"An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,8.5,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0
CVE-2018-3863,https://securityvulnerability.io/vulnerability/CVE-2018-3863,,"On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long ""user"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0010499999625608325,false,,false,false,false,,,false,false,,2018-08-23T15:29:00.000Z,0