CVE-2018-3925
Description
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Samsung SmartThings Hub's video-core parses the AWSELB cookie without bounds checking, causing a heap buffer overflow that allows a man-in-the-middle attacker to execute arbitrary code.
Vulnerability
The video-core HTTP server in Samsung SmartThings Hub STH-ETH-250 devices running firmware version 0.20.17 contains a heap buffer overflow (CWE-120) when parsing the AWSELB cookie during remote video-host communication. The video-core process does not perform proper bounds checking before copying the cookie value into a heap buffer, allowing a larger-than-expected cookie to overflow adjacent memory. The vulnerability is reachable when the hub communicates with a remote video-host server (e.g., during camera livestream setup) and the attacker can impersonate that remote HTTP server [1].
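The missing length check described above, shown as an added C example; it is not the firmware's code and not taken from the Talos report. The `session` struct, the `COOKIE_CAP` field size and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define COOKIE_CAP 128          /* assumed field size, not taken from the firmware */

struct session {                /* hypothetical heap object holding the cookie */
    char awselb[COOKIE_CAP];
    int  keepalive;             /* stands in for adjacent heap data */
};

/* Unsafe pattern (CWE-120), shown for contrast only:
 *     strcpy(s->awselb, value);   -- length is chosen by the remote server
 */

/* Bounded version: returns 0 on success, -1 if the cookie is absent or oversized. */
int session_set_awselb(struct session *s, const char *set_cookie)
{
    static const char name[] = "AWSELB=";
    const size_t nlen = sizeof(name) - 1;
    if (s == NULL || set_cookie == NULL) return -1;
    while (*set_cookie == ' ' || *set_cookie == '\t') set_cookie++;
    if (strncmp(set_cookie, name, nlen) != 0) return -1;
    const char *val = set_cookie + nlen;
    size_t len = strcspn(val, ";\r\n");   /* value ends at the attribute separator */
    if (len == 0 || len >= sizeof(s->awselb)) return -1;  /* reject, do not truncate */
    memcpy(s->awselb, val, len);
    s->awselb[len] = '\0';
    return 0;
}

/* Constructed self-check: an oversized value must leave the object untouched. */
int oversized_is_rejected(void)
{
    struct session *s = calloc(1, sizeof(*s));
    if (s == NULL) return 0;
    s->keepalive = 42;
    char hdr[7 + 4 * COOKIE_CAP + 1];     /* constructed header, 4x the field size */
    memcpy(hdr, "AWSELB=", 7);
    memset(hdr + 7, 'A', 4 * COOKIE_CAP);
    hdr[sizeof(hdr) - 1] = '\0';
    int ok = session_set_awselb(s, hdr) == -1
          && s->keepalive == 42 && s->awselb[0] == '\0';
    free(s);
    return ok;
}
```

Rejecting the oversized value instead of truncating it keeps a malformed response from being stored as a valid session cookie.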
Exploitation
An attacker who can perform a man-in-the-middle attack between the SmartThings Hub and the remote video-host servers can trigger this overflow. The attacker must first position themselves in the network path (e.g., by compromising a router or using ARP spoofing) and then impersonate the remote HTTP server. By sending a crafted HTTP response containing an oversized AWSELB cookie to the hub's video-core process, the attacker causes a heap buffer overflow when the cookie is parsed [1]. No prior authentication is required beyond network access; the attack complexity is high because the attacker needs to hijack the TLS-secured connection or cause the hub to fall back to an insecure channel.
Impact
Successful exploitation leads to arbitrary code execution in the context of the video-core process, which runs with elevated privileges on the hub. The CVSSv3 score is 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high impact to confidentiality, integrity, and availability. An attacker could fully compromise the hub, potentially controlling connected smart home devices, exfiltrating sensitive data, or using the hub as a pivot point for further network attacks [1].
Mitigation
Samsung released a firmware update addressing this vulnerability. Users should update their SmartThings Hub STH-ETH-250 to a firmware version later than 0.20.17. The fix was included in firmware updates distributed through the SmartThings mobile application and OTA updates. No workaround currently exists; affected hubs should be updated as soon as possible. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 0.20.17
- Samsung/SmartThings Hub STH-ETH-250 (v5), Range: Firmware version 0.20.17
Patches
No patches discovered yet.
References
[1] www.talosintelligence.com/vulnerability_reports/TALOS-2018-0591 (mitre, x_refsource_MISC)