CVE-2018-3916

Name of the Vulnerable Software and Affected Versions Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17

Description A stack-based buffer overflow issue exists in the video-core HTTP server of the Samsung SmartThings Hub. This occurs due to a strcpy call that overflows a destination buffer of 136 bytes. An attacker can exploit this by sending an HTTP request with an arbitrarily long 'directory' value.

Recommendations For Firmware version 0.20.17, consider restricting access to the video-core HTTP server until a patch is available. As a temporary workaround, avoid using arbitrarily long 'directory' values in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.