CVE-2018-3866

Name of the Vulnerable Software and Affected Versions Samsung SmartThings Hub STH-ETH-250 version 0.20.17

Description A buffer overflow issue exists in the samsungWifiScan handler of video-core's HTTP server. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy function overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long callbackUrl value to exploit this issue.

Recommendations For Samsung SmartThings Hub STH-ETH-250 version 0.20.17, as a temporary workaround, consider restricting access to the samsungWifiScan handler until a patch is available. Avoid using arbitrarily long callbackUrl values in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.