Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Samsung SmartThings Hub video-core HTTP服务器缓冲区错误漏洞
Vulnerability Description
Samsung SmartThings Hub是韩国三星(Samsung)公司的一款智能家居管理设备。video-core HTTP server是其中的一个HTTP服务器。 使用0.20.17版本固件的Samsung SmartThings Hub中的video-core HTTP服务器的video-host通信存在缓冲区溢出漏洞,该漏洞源于在与远程video-host服务器进行通信时,video-core进程错误地解析了AWSELB cookie。远程攻击者可通过伪造远程的HTTP服务器利用该漏洞执行
CVSS Information
N/A
Vulnerability Type
N/A