Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Samsung SmartThings Hub 安全漏洞
Vulnerability Description
Samsung SmartThings Hub是韩国三星(Samsung)公司的一款智能家居管理设备。 使用0.20.17版本固件的Samsung SmartThings Hub中的hubCore binary的crash handler存在安全漏洞,该漏洞源于程序通过不安全的HTTPS连接向backtrace.io服务发送所记录的minidumps。攻击者可通过伪造远程的backtrace.io服务器利用该漏洞提取敏感的进程数据。
CVSS Information
N/A
Vulnerability Type
N/A