CVEs-PoC/2018/CVE-2018-3908.md at 183d1f8677d424ca51cab102bc615f8bcebb511d

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-12 09:21:42 +02:00

Files

T

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability.

POC

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0577

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2018-3908

Description

POC

Reference

Github

1.0 KiB

Raw Blame History