Lucene search
K
SamsungSmartthings

17 matches found

CVE
CVE
added 2022/06/07 6:20 p.m.602 views

CVE-2022-30746

Summary: CVE-2022-30746 affects Samsung SmartThings prior to 1.7.85.12. A missing caller check in the JavaScript interface API can allow a remote attacker to access sensitive information. The vulnerability is described across multiple sources (NVD, Red Hat, CNVD/CNNVD references) as a missing cal...

7.5CVSS7.3AI score0.00826EPSS
CVE
CVE
added 2025/03/11 10:30 p.m.127 views

CVE-2025-2233

CVE-2025-2233 affects Samsung SmartThings through the Hub Local API service (listening on TCP 8766). The flaw is improper verification of a cryptographic signature, enabling network-adjacent attackers to bypass authentication. Documented impacts indicate authentication bypass with no user interac...

8.8CVSS8.9AI score0.0073EPSS
CVE
CVE
added 2022/06/07 6:21 p.m.73 views

CVE-2022-30749

CVE-2022-30749 affects Samsung SmartThings prior to version 1.7.85.25. The issue is improper access control that allows local attackers to bypass login and add arbitrary devices. Root cause: inadequate access control checks in the login/authorization flow. Impact: local attacker can extend device...

7.8CVSS7.5AI score0.0018EPSS
CVE
CVE
added 2022/06/07 6:20 p.m.65 views

CVE-2022-30747

The CVE-2022-30747 issue affects Samsung SmartThings on Android, where a PendingIntent hijacking vulnerability in the app allows a local attacker to access files via an implicit Intent. Impact is realized if using versions prior to Samsung SmartThings 1.7.85.25; the documents indicate this fix ve...

5.5CVSS5.3AI score0.00191EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.64 views

CVE-2022-39865

The CVE-2022-39865 issue affects Samsung SmartThings: versions prior to 1.7.89.0 expose information via an improper access control in ContentsSharingActivity.java. The vulnerability stems from insufficient access restrictions around implicit broadcasts, enabling an attacker with local access to r...

7.5CVSS7.3AI score0.00342EPSS
CVE
CVE
added 2021/04/09 5:39 p.m.59 views

CVE-2021-25378

CVE-2021-25378 affects Samsung SmartThings Hub (notably STH-ETH-250) with improper access control on certain ports, enabling remote temporary denial of service. The vulnerability is associated with SmartThings versions prior to 1.7.63.6. Root cause: improper access control of ports. Impact per so...

5.3CVSS5.4AI score0.00967EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.59 views

CVE-2022-39867

CVE-2022-39867 concerns Samsung SmartThings; the issue resides in the cloudNotificationManager.java component. Affected software is SmartThings prior to version 1.7.89.0, where improper access control could permit an attacker to access sensitive information via the SHOW_PERSISTENT_BANNER broadcas...

7.5CVSS7.3AI score0.00342EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.59 views

CVE-2022-39868

The CVE-2022-39868 entry affects Samsung SmartThings prior to v1.7.89.0, where GedSamsungAccount.kt contains an improper access-control bug that allows attackers to access sensitive information via implicit broadcast. Multiple connected sources corroborate the affected software/file (GedSamsungAc...

7.5CVSS7.3AI score0.00342EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.58 views

CVE-2022-39869

Summary: CVE-2022-39869 affects Samsung SmartThings, via an improper access control in cloudNotificationManager.java. Prior to version 1.7.89.0, an attacker could access sensitive information through the REMOVE_PERSISTENT_BANNER broadcast. Affected software/component: SmartThings cloudNotificatio...

7.5CVSS7.3AI score0.00342EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.56 views

CVE-2022-39870

CVE-2022-39870 affects Samsung SmartThings where the cloudNotificationManager.java component is vulnerable to improper access control. Prior to version 1.7.89.0, an attacker can access sensitive information via the PUSH_MESSAGE_RECEIVED broadcast. The vulnerability is limited to the specified ver...

7.5CVSS7.3AI score0.00342EPSS
CVE
CVE
added 2021/11/05 2:4 a.m.55 views

CVE-2021-25508

The vulnerability CVE-2021-25508 affects Samsung SmartThings prior to version 1.7.73.22, where improper privilege management of the API key allows an attacker to abuse the API key without limitation. Impact area includes unauthorized API access with potential high-risk outcomes. Remediation: upgr...

9.8CVSS9.3AI score0.00801EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.55 views

CVE-2022-39864

The CVE-2022-39864 issue affects Samsung SmartThings, specifically the WifiSetupLaunchHelper component. It is an improper access control vulnerability in SmartThings versions prior to 1.7.89.25, allowing attackers to access sensitive information through implicit intents. The vulnerability targets...

7.5CVSS7.3AI score0.00323EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.55 views

CVE-2022-39871

CVE-2022-39871 affects Samsung SmartThings (CloudNotificationManager.java) with an improper access control flaw in versions prior to 1.7.89.0. Exploitation could allow an attacker to access sensitive information via implicit broadcasts. The issue is supported by multiple sources (Red Hat, NVD/CVE...

7.5CVSS7.3AI score0.00342EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.53 views

CVE-2022-39866

CVE-2022-39866 affects Samsung SmartThings prior to version 1.7.89.0, with the vulnerability located in RegisteredEventMediator.kt. The root cause is improper access control that can allow an attacker to access sensitive information via implicit broadcast. Documents consistently indicate affected...

7.5CVSS7.3AI score0.00342EPSS
CVE
CVE
added 2024/12/03 5:47 a.m.53 views

CVE-2024-49416

CVE-2024-49416 concerns Samsung SmartThings prior to version 1.8.21, where an implicit intent used for sensitive communication can leak information to a local attacker. The vulnerability is described across multiple sources (NVD, Red Hat, CVE listings) with a consistent impact: exposure of sensit...

5.5CVSS4.3AI score0.00134EPSS
CVE
CVE
added 2024/07/02 9:23 a.m.50 views

CVE-2024-34596

CVE-2024-34596 concerns Samsung SmartThings authentication. Multiple connected sources confirm an improper authentication flaw in SmartThings versions prior to 1.8.17 that allows remote attackers to bypass the owner-set expiration date for members. Affected software is Samsung SmartThings (SmartT...

7.5CVSS7.5AI score0.00483EPSS
CVE
CVE
added 2024/04/02 2:59 a.m.48 views

CVE-2024-20852

CVE-2024-20852 affects Samsung SmartThings prior to version 1.8.13.22, due to improper verification of intent by a broadcast receiver. Local attackers could access testing configuration. Remediation: upgrade to version 1.8.13.22 or later. No exploitation details are provided in the supplied docum...

5.9CVSS6.5AI score0.00135EPSS