CVE-2018-3915
Description
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17 allows remote attackers to cause denial of service or potentially execute arbitrary code via a crafted 'bucket' value.
Vulnerability
The video-core HTTP server in Samsung SmartThings Hub STH-ETH-250 running firmware version 0.20.17 contains a stack-based buffer overflow when retrieving a database field from the shard table. The strcpy function copies the value of the bucket field into a fixed 64-byte stack buffer without bounds checking, leading to a buffer overflow [1].
Exploitation
An attacker can exploit this vulnerability by sending an HTTP request to the video-core server with an arbitrarily long bucket parameter value. No authentication is required to trigger the overflow, as the server processes the request directly [1].
Impact
Successful exploitation results in a stack-based buffer overflow, which can cause a denial of service or allow an attacker to execute arbitrary code with the privileges of the video-core HTTP server. Given the system context, this could lead to full compromise of the hub [1].
Mitigation
No firmware patch was available at the time of disclosure. Users are advised to restrict network access to the hub and monitor for updates from Samsung [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: =0.20.17
- Samsung/SmartThings Hub STH-ETH-250v5Range: Firmware version 0.20.17
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- talosintelligence.com/vulnerability_reports/TALOS-2018-0581mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.