July 2018: Cisco finds a slew of vulnerabilities in Hub V2

Reading a Cisco blog and have found a long list of vulnerabilities for the Samsung Hub

Found here - https://www.talosintelligence.com/vulnerability_reports#disclosed
such as https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0557

TALOS-2018-0594 Samsung SmartThings Hub hubCore Google Breakpad backtrace.io information disclosure vulnerability 2018-07-26

CVE-2018-3927 6.8

TALOS-2018-0593 Samsung SmartThings Hub hubCore ZigBee firmware update CRC16 check denial-of-service vulnerability 2018-07-26

CVE-2018-3926 5.3

TALOS-2018-0575 Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability 2018-07-26

CVE-2018-3905 8.5

TALOS-2018-0577 Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities 2018-07-26

CVE-2018-3907, CVE-2018-3908, CVE-2018-3909 9.1

TALOS-2018-0548 Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability 2018-07-26

CVE-2018-3863, CVE-2018-3864, CVE-2018-3865, CVE-2018-3866 9.9

TALOS-2018-0591 Samsung SmartThings Hub video-core AWSELB Cookie Code Execution Vulnerability 2018-07-26

CVE-2018-3925 8.5

TALOS-2018-0554 Samsung SmartThings Hub video-core credentials videoHostUrl Code Execution Vulnerability 2018-07-26

CVE-2018-3872 9.9

TALOS-2018-0583 Samsung SmartThings Hub video-core Database clips Code Execution Vulnerability 2018-07-26

CVE-2018-3919 7.5

TALOS-2018-0555 Samsung SmartThings Hub video-core credentials Code Execution Vulnerability 2018-07-26

CVE-2018-3873, CVE-2018-3874, CVE-2018-3875, CVE-2018-3876, CVE-2018-3877, CVE-2018-3878 9.9

TALOS-2018-0574 Samsung SmartThings Hub video-core Camera Update Code Execution Vulnerabilities 2018-07-26

CVE-2018-3903, CVE-2018-3904 9.9

TALOS-2018-0570 Samsung SmartThings Hub video-core clips Code Execution Vulnerability 2018-07-26

CVE-2018-3893, CVE-2018-3894, CVE-2018-3895, CVE-2018-3896, CVE-2018-3897 9.9

TALOS-2018-0581 Samsung SmartThings Hub video-core database shard code execution vulnerabilities 2018-07-26

CVE-2018-3912, CVE-2018-3913, CVE-2018-3914, CVE-2018-3915, CVE-2018-3916, CVE-2018-3917 7.5

TALOS-2018-0576 Samsung SmartThings Hub video-core Database shard.videoHostURL Code Execution Vulnerability 2018-07-26

CVE-2018-3906 7.5

TALOS-2018-0578 Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability 2018-07-26

CVE-2018-3911 8.6

TALOS-2018-0557 Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability 2018-07-26

CVE-2018-3880 8.2

TALOS-2018-0573 Samsung SmartThings Hub video-core Camera URL Replace Code Execution Vulnerability 2018-07-26

CVE-2018-3902 9.9

TALOS-2018-0582 Samsung SmartThings Hub hubCore port 39500 sync denial-of-service vulnerability 2018-07-26

CVE-2018-3918 6.5

TALOS-2018-0539 Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability 2018-07-26

CVE-2018-3856 9.9

TALOS-2018-0556 Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability 2018-07-26

CVE-2018-3879 8.8

TALOS-2018-0549 Samsung SmartThings Hub video-core samsungWifiScan Callback Code Execution Vulnerability 2018-07-26

CVE-2018-3867 9.9

1 Like

@UniqueIdentifier These vulnerabilities were reported against the V2 hub and we worked with Cisco TALOS to address these issues in the V2 prior to public disclosure. The Blog post overviewing their research and vulnerabilities can be found at https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html. Since these reports came in prior to V3 launch, the fixes there are also applied to V3 – several of the vulnerabilities reported were against the Video-Core functionality which is not present on V3.

As an organization we welcome responsible disclosure of vulnerabilities discovered with our platform: https://www.smartthings.com/responsible-disclosure

Please consider changing the title of this post or closing the topic as what you have linked to is not new information and does not apply to the V3 Hub.

4 Likes

Also, here’s the discussion from when these were initially made public:

5 Likes

That report was from July 2018 and applied to the V2 hub. See the previous active thread, including staff discussion. Everything there has since been patched and did not apply to the V3 hub, which had not yet been released at the time of that report. (Also, the V3 doesn’t have a video core. :wink: )

3 Likes