GRIMM researchers have discovered several egregious vulnerabilities affecting the Stem Audio Table conference room speakerphone. The vulnerabilities could be exploited by attackers to eavesdrop on what’s being discussed in its proximity, download malicious firmware, achieve and maintain network persistence, and more. They include stack overflow and command injection flaws that could allow attackers to execute arbitrary code as root on the device. Because the device does not check the signatures of the updates it is served, attackers can easily provide a malicious one.
Source: https://www.helpnetsecurity.com/2021/06/14/conference-room-speakerphone/

