CVE-2018-3911

23.08.2018, 22:29

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability.

HTTP Request/Response Splitting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
talos	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
samsung	sth-eth-250_firmware	0.20.17

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
The software receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0578