Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Samsung SmartThings Hub 安全漏洞
Vulnerability Description
Samsung SmartThings Hub是韩国三星(Samsung)公司的一款智能家居管理设备。 使用0.20.17版本固件的Samsung SmartThings Hub中的远程服务器存在拒绝服务漏洞,该漏洞该源于监听39500端口的hubCore进程将未经认证的消息中继给SmartThings的远程服务器,而远程服务器错误地处理用于‘sync’操作的摄像头ID。攻击者可通过发送HTTP请求利用该漏洞删除任意的摄像头,造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A