How severe is CVE-2018-3895?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2018-3895?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2018-3895

CRITICAL Year: 2018

CVSS v3 Score

9.9

Critical

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-120

View all →

Vulnerability Description

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2018-3864

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows ...

CWE-1202018

CVE-2018-3865

CRITICAL

CVSS:9.9(Critical)

CWE-1202018

CVE-2018-3876

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the de...

CWE-1202018

CVE-2018-3894

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call ove...

CWE-1202018

CVE-2018-3896

CRITICAL

CVSS:9.9(Critical)

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process inc...

CWE-1202018