The STEM Audio Table conference-room speaker has a security vulnerability that would allow unauthenticated remote code execution (RCE) as root on the device. GRIMM researchers found a stack-based buffer overflow in the local_server_get() and sip_config s() functions in stem_firmware_linux_2.0.0. Another security hole would allow command injection and the ability to execute arbitrary code as root. The device is a high-end, nine-speaker smart device that sits on a conference table to enable whole-room conferencing.
Source: https://threatpost.com/stem-audio-table-business-bugs/166798/

