Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Samsung SmartThings Hub STH-ETH-250 video-core HTTP服务器安全漏洞
Vulnerability Description
Samsung SmartThings Hub是韩国三星(Samsung)公司的一款智能家居管理设备。video-core HTTP server是其中的一个HTTP服务器。 使用0.20.17版本固件的Samsung SmartThings Hub STH-ETH-250中的video-core HTTP服务器的REST解析器存在安全漏洞,该漏洞源于video-core进程错误地处理管道化的HTTP请求。攻击者可通过发送HTTP请求利用该漏洞覆盖之前解析的HTTP方法、URL和body。
CVSS Information
N/A
Vulnerability Type
N/A