CVE-2018-3909
HIGHSamsung STH-ETH-250 Firmware 0.20.17 - HTTP Request Smuggling via Pipelined Requests
Title source: llmDescription
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577
Scores
CVSS v3
8.6
EPSS
0.0125
EPSS Percentile
65.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Details
CWE
CWE-444
Status
published
Products (1)
samsung/sth-eth-250_firmware
0.20.17
Published
Aug 24, 2018
Tracked Since
Feb 18, 2026