An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version…
talos·CWE-88·Published 2018-08-23
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.
Existe una vulnerabilidad explotable en la configuración RTSP de las cámaras inteligentes de Samsung SmartThings Hub STH-ETH-250 en su versión de firmware 0.20.17. El dispositivo maneja incorrectamente espacios en el campo URL, conduciendo a una inyección de comandos del sistema operativo arbitrarios. Un atacante puede enviar una serie de peticiones HTTP para provocar esta vulnerabilidad.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 9.0 | 8.0 | 10.0 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| 3.0 | Primary | cve.org | 9.9 | — | — | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.0 | Primary | cve.org | 9.9 | — | — | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.0 | Secondary | NVD | 9.9 | 3.1 | 6.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 9.9 | 3.1 | 6.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |