CVE-2018-3912

Name of the Vulnerable Software and Affected Versions Samsung SmartThings Hub STH-ETH-250 version 0.20.17

Description The video-core process in the Samsung SmartThings Hub insecurely extracts fields from the shard table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long secretKey value to exploit this issue.

Recommendations For Samsung SmartThings Hub STH-ETH-250 version 0.20.17, consider updating the firmware to a version that fixes this issue, as the current version is affected by the buffer overflow vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.