How severe is CVE-2018-3894?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2018-3894?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2018-3894

CRITICAL Year: 2018

CVSS v3 Score

9.9

Critical

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-120

View all →

Vulnerability Description

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability.

CVE-2018-3864

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows ...

CWE-1202018

CVE-2018-3865

CRITICAL

CVSS:9.9(Critical)

CWE-1202018

CVE-2018-3876

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the de...

CWE-1202018

CVE-2018-3895

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call ove...

CWE-1202018

CVE-2018-3896

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process inc...

CWE-1202018