Samsung SmartThings Hub CVE-2018-3926 Denial of Service Vulnerability

Bugtraq ID:	105162
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-3926
Remote:	Yes
Local:	No
Published:	Aug 26 2018 12:00AM
Updated:	Aug 26 2018 12:00AM
Credit:	Claudio Bozzato of Cisco Talos.
Vulnerable:	Samsung SmartThings Hub STH-ETH-250 0.20.17
Not Vulnerable:

Samsung SmartThings Hub CVE-2018-3926 Denial of Service Vulnerability

Samsung SmartThings Hub is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause the application to enter an infinite loop, resulting in denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

Samsung SmartThings Hub STH-ETH-250 0.20.17 is vulnerable; other versions may also be affected.

Samsung SmartThings Hub CVE-2018-3926 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Samsung SmartThings Hub CVE-2018-3926 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Samsung SmartThings Hub CVE-2018-3926 Denial of Service Vulnerability

References:

• Samsung Homepage (Samsung)
  
• Samsung SmartThings Hub hubCore ZigBee firmware update CRC16 check denial-of-ser (Cisco Talos)