PT-2018-16258 · Samsung · Samsung Smartthings Hub
Published 2018-09-20 · Updated 2023-05-16
CVE-2018-3864
CVSS v3.1
9.9
Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17
Description
A buffer overflow issue exists in the Samsung WifiScan handler of the video-core's HTTP server. The strcpy function overflows a destination buffer with a size of 40 bytes. An attacker can exploit this by sending an arbitrarily long password value.
Recommendations
For Firmware version 0.20.17, as a temporary workaround, consider restricting access to the WifiScan handler until a patch is available. Avoid using arbitrarily long password values in the affected HTTP server endpoint.
Exploit
Fix
Buffer Overflow
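As an added illustration that is not part of this advisory or of the vendor's firmware, the C sketch below contrasts the unchecked strcpy pattern named in the description with a length-checked replacement that rejects any password value that does not fit the 40-byte field. The request struct, the function names and the returned status codes are assumptions made for the example; the vendor's real handler is not shown here.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Size of the fixed destination buffer named in the advisory (40 bytes). */
#define PASSWORD_BUF_SIZE 40

/* Hypothetical parsed form field; the vendor's actual struct is not public. */
struct wifi_scan_request {
    char password[PASSWORD_BUF_SIZE];
};

/* The vulnerable pattern described in the advisory: strcpy stops only at the
 * NUL of the source, so any value of 40 or more characters writes past the
 * end of req->password. Kept for comparison only; never call it with
 * untrusted input. */
void copy_password_unchecked(struct wifi_scan_request *req, const char *value)
{
    strcpy(req->password, value);   /* no bound on the source length */
}

/* Hardened replacement: measure the value first and reject anything that does
 * not fit together with its NUL terminator, instead of truncating silently.
 * Returns 0 on success, -1 when the value is rejected. */
int copy_password_checked(struct wifi_scan_request *req, const char *value)
{
    size_t len = strnlen(value, PASSWORD_BUF_SIZE);  /* bounded measurement */
    if (len >= PASSWORD_BUF_SIZE) {
        fprintf(stderr, "WifiScan: password value too long (>= %d bytes), rejecting\n",
                PASSWORD_BUF_SIZE);
        return -1;
    }
    memcpy(req->password, value, len + 1);  /* len + 1 <= PASSWORD_BUF_SIZE, includes NUL */
    return 0;
}

/* Simulated handler entry point (hypothetical): returns an HTTP-style status
 * code that a surrounding server would send back to the client. */
int handle_wifiscan(const char *password_value)
{
    struct wifi_scan_request req;
    memset(&req, 0, sizeof req);
    if (copy_password_checked(&req, password_value) != 0)
        return 400;   /* bad request: value exceeds the fixed-size field */
    /* a real handler would start the scan here */
    return 200;
}

int main(void)
{
    /* Constructed inputs: a short value that fits and a 200-byte value of the
     * kind the advisory describes. */
    char long_value[201];
    memset(long_value, 'A', 200);
    long_value[200] = '\0';

    printf("short value   -> %d\n", handle_wifiscan("correct-horse-battery"));
    printf("200-byte value -> %d\n", handle_wifiscan(long_value));
    return 0;
}
```

The check uses strnlen rather than strlen so that even a value lacking a terminator within the first 40 bytes is rejected without being read to its end; the boundary cases (39 characters fit, 40 do not) are where the original strcpy begins to write out of bounds.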
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Smartthings Hub