Security readout for executives and security teams
Plain-English summary
CVE-2018-3867 is a critical flaw in Samsung SmartThings Hub STH-ETH-250 firmware 0.20.17. A network attacker with low privileges could trigger a stack buffer overflow in the hub's video-core HTTP server, potentially compromising the device's confidentiality, integrity, and availability.
Executive priority
Treat this as urgent for environments using the affected hub and firmware. The impact rating is critical, but business priority depends on whether these consumer IoT devices are present and reachable in the environment.
Technical view
The flaw is in the samsungWifiScan callback notification path. The video-core process incorrectly handles a smart camera response, causing a stack-based buffer overflow. The CVSS 3.0 score is 9.9, with network access, low complexity, low privileges, no user interaction, and high impact across CIA.
Likely exposure
Exposure is limited to Samsung SmartThings Hub STH-ETH-250 devices running firmware 0.20.17, based on the provided sources. Organizations should verify deployed hub models and firmware versions before assuming exposure.
Exploitation context
Talos describes the vulnerability as exploitable and triggerable through a series of HTTP requests. The provided data does not show CISA KEV listing or active exploitation evidence, so active exploitation should not be assumed.
Researcher notes
The source bundle names one affected product and firmware version. It does not provide CWE mapping, patch details, or active exploitation evidence. Avoid broadening scope beyond STH-ETH-250 firmware 0.20.17 without additional vendor confirmation.
Mitigation direction
- Identify any Samsung SmartThings Hub STH-ETH-250 devices in use.
- Confirm whether devices are running firmware version 0.20.17.
- Check Samsung or Talos guidance for fixed firmware or vendor remediation.
- Restrict hub management and device network access to trusted networks.
- Segment IoT hubs from sensitive corporate or home-office systems.
Validation and detection
- Inventory SmartThings hubs by model and firmware version.
- Review network exposure of the hub's HTTP-accessible services.
- Check whether untrusted users or devices can reach the hub network.
- Confirm remediation status against Samsung or Talos advisory details.
- Document any compensating controls if firmware remediation is unavailable.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2018-3867 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Critical
- CVSS
- 9.9 (3.0)
- Known Exploited
- No
- Published
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H3.16Primary CVE scoreVulnerability scoring details
Base CVSS 3.0 score
9.9CriticalVector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0549CVE reference · x_refsource_MISC
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
