
cpe:2.3:a:talos:samsung:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Talos (e7c02545-e938-5775-90a6-6bebb73bfb47)
Product: Samsung (b253b5f1-bdfa-570b-bf86-28cfbbd1b5ad)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpe | Applicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2018-3926 vulnerable 2026-06-03 14:38:50.595412 Details available
MEDIUM (5.3)
An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-28T17:00:00.000Z
Updated: 2024-09-17T00:46:06.691Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-3909 vulnerable 2026-06-03 14:38:50.579512 Details available
CRITICAL (9.1)
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-24T00:00:00.000Z
Updated: 2024-09-17T02:10:41.755Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-3907 vulnerable 2026-06-03 14:38:50.578858 Details available
CRITICAL (9.1)
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2018-08-24T00:00:00.000Z
Updated: 2024-09-16T23:31:23.692Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-3903 vulnerable 2026-06-03 14:38:50.577361 Details available
CRITICAL (9.9)
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242.
Published: 2018-08-23T15:00:00.000Z
Updated: 2024-09-17T01:02:01.708Z
Imported from gcve-enriched-dumps CVE data
