Lucene search

Smartthings Security Vulnerabilities

cve

CVE-2021-25378

Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.

5.3CVSS

5.4AI Score

0.001EPSS

2021-04-09 06:15 PM

cve

CVE-2021-25508

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.

9.8CVSS

9.3AI Score

0.002EPSS

2021-11-05 03:15 AM

cve

CVE-2022-30746

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.

7.5CVSS

7.3AI Score

0.001EPSS

2022-06-07 07:15 PM

569

cve

CVE-2022-30747

PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.

5.5CVSS

5.3AI Score

0.0004EPSS

2022-06-07 07:15 PM

cve

CVE-2022-30749

Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

7.8CVSS

7.5AI Score

0.0004EPSS

2022-06-07 07:15 PM

cve

CVE-2022-39864

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

7.5CVSS

7.3AI Score

0.001EPSS

2022-10-07 03:15 PM

cve

CVE-2022-39865

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

7.5CVSS

7.3AI Score

0.001EPSS

2022-10-07 03:15 PM

cve

CVE-2022-39866

Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

7.5CVSS

7.3AI Score

0.001EPSS

2022-10-07 03:15 PM

cve

CVE-2022-39867

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.

7.5CVSS

7.3AI Score

0.001EPSS

2022-10-07 03:15 PM

cve

CVE-2022-39868

Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

7.5CVSS

7.3AI Score

0.001EPSS

2022-10-07 03:15 PM

cve

CVE-2022-39869

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.

7.5CVSS

7.3AI Score

0.001EPSS

2022-10-07 03:15 PM

cve

CVE-2022-39870

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

7.5CVSS

7.3AI Score

0.001EPSS

2022-10-07 03:15 PM

cve

CVE-2022-39871

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

7.5CVSS

7.3AI Score

0.001EPSS

2022-10-07 03:15 PM

cve

CVE-2024-34596

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.

7.5CVSS

7.5AI Score

0.0005EPSS

2024-07-02 10:15 AM