Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.
5.3CVSS
5.4AI Score
0.001EPSS
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.
9.8CVSS
9.3AI Score
0.002EPSS
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
7.5CVSS
7.3AI Score
0.002EPSS
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
5.5CVSS
5.3AI Score
0.0004EPSS
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
7.8CVSS
7.5AI Score
0.0004EPSS
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.
7.5CVSS
7.3AI Score
0.001EPSS
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
7.5CVSS
7.5AI Score
0.0005EPSS