CVE-2018-3912

Vulnerability

The vulnerability exists in the video-core process of Samsung SmartThings Hub STH-ETH-250 running firmware version 0.20.17. The process insecurely extracts fields from the shard table of its SQLite database, using strcpy to copy the secretKey value into a 128-byte stack buffer without bounds checking. This results in a stack-based buffer overflow. The affected component is the HTTP server within video-core that handles requests containing the secretKey parameter. [1]

Exploitation

An attacker must be able to send HTTP requests to the video-core server on the hub. The attacker sends a crafted request with an arbitrarily long secretKey value. The strcpy call overflows the destination buffer, overwriting adjacent stack memory. The CVSS vector indicates local access (AV:L) with high complexity and high privileges required, suggesting the attacker may need prior access to the local network or authenticated session. [1]

Impact

Successful exploitation allows the attacker to corrupt stack memory, potentially leading to arbitrary code execution with the privileges of the video-core process. Given the hub's role as a central controller, this could compromise the entire smart home system, leading to disclosure of sensitive information, modification of device states, or denial of service. The CVSS score is 7.5 (High) with impacts to confidentiality, integrity, and availability. [1]

Mitigation

The available reference does not provide a specific fix or workaround. As of the publication date (2018-08-23), users should check for firmware updates from Samsung. If no patch is available, restricting network access to the hub and monitoring for suspicious HTTP requests may reduce risk. [1]