17 matches found
CVE-2022-30746
Summary: CVE-2022-30746 affects Samsung SmartThings prior to 1.7.85.12. A missing caller check in the JavaScript interface API can allow a remote attacker to access sensitive information. The vulnerability is described across multiple sources (NVD, Red Hat, CNVD/CNNVD references) as a missing cal...
CVE-2025-2233
CVE-2025-2233 affects Samsung SmartThings through the Hub Local API service (listening on TCP 8766). The flaw is improper verification of a cryptographic signature, enabling network-adjacent attackers to bypass authentication. Documented impacts indicate authentication bypass with no user interac...
CVE-2022-30749
CVE-2022-30749 affects Samsung SmartThings prior to version 1.7.85.25. The issue is improper access control that allows local attackers to bypass login and add arbitrary devices. Root cause: inadequate access control checks in the login/authorization flow. Impact: local attacker can extend device...
CVE-2022-30747
The CVE-2022-30747 issue affects Samsung SmartThings on Android, where a PendingIntent hijacking vulnerability in the app allows a local attacker to access files via an implicit Intent. Impact is realized if using versions prior to Samsung SmartThings 1.7.85.25; the documents indicate this fix ve...
CVE-2022-39865
The CVE-2022-39865 issue affects Samsung SmartThings: versions prior to 1.7.89.0 expose information via an improper access control in ContentsSharingActivity.java. The vulnerability stems from insufficient access restrictions around implicit broadcasts, enabling an attacker with local access to r...
CVE-2021-25378
CVE-2021-25378 affects Samsung SmartThings Hub (notably STH-ETH-250) with improper access control on certain ports, enabling remote temporary denial of service. The vulnerability is associated with SmartThings versions prior to 1.7.63.6. Root cause: improper access control of ports. Impact per so...
CVE-2022-39867
CVE-2022-39867 concerns Samsung SmartThings; the issue resides in the cloudNotificationManager.java component. Affected software is SmartThings prior to version 1.7.89.0, where improper access control could permit an attacker to access sensitive information via the SHOW_PERSISTENT_BANNER broadcas...
CVE-2022-39868
The CVE-2022-39868 entry affects Samsung SmartThings prior to v1.7.89.0, where GedSamsungAccount.kt contains an improper access-control bug that allows attackers to access sensitive information via implicit broadcast. Multiple connected sources corroborate the affected software/file (GedSamsungAc...
CVE-2022-39869
Summary: CVE-2022-39869 affects Samsung SmartThings, via an improper access control in cloudNotificationManager.java. Prior to version 1.7.89.0, an attacker could access sensitive information through the REMOVE_PERSISTENT_BANNER broadcast. Affected software/component: SmartThings cloudNotificatio...
CVE-2022-39870
CVE-2022-39870 affects Samsung SmartThings where the cloudNotificationManager.java component is vulnerable to improper access control. Prior to version 1.7.89.0, an attacker can access sensitive information via the PUSH_MESSAGE_RECEIVED broadcast. The vulnerability is limited to the specified ver...
CVE-2021-25508
The vulnerability CVE-2021-25508 affects Samsung SmartThings prior to version 1.7.73.22, where improper privilege management of the API key allows an attacker to abuse the API key without limitation. Impact area includes unauthorized API access with potential high-risk outcomes. Remediation: upgr...
CVE-2022-39864
The CVE-2022-39864 issue affects Samsung SmartThings, specifically the WifiSetupLaunchHelper component. It is an improper access control vulnerability in SmartThings versions prior to 1.7.89.25, allowing attackers to access sensitive information through implicit intents. The vulnerability targets...
CVE-2022-39871
CVE-2022-39871 affects Samsung SmartThings (CloudNotificationManager.java) with an improper access control flaw in versions prior to 1.7.89.0. Exploitation could allow an attacker to access sensitive information via implicit broadcasts. The issue is supported by multiple sources (Red Hat, NVD/CVE...
CVE-2022-39866
CVE-2022-39866 affects Samsung SmartThings prior to version 1.7.89.0, with the vulnerability located in RegisteredEventMediator.kt. The root cause is improper access control that can allow an attacker to access sensitive information via implicit broadcast. Documents consistently indicate affected...
CVE-2024-49416
CVE-2024-49416 concerns Samsung SmartThings prior to version 1.8.21, where an implicit intent used for sensitive communication can leak information to a local attacker. The vulnerability is described across multiple sources (NVD, Red Hat, CVE listings) with a consistent impact: exposure of sensit...
CVE-2024-34596
CVE-2024-34596 concerns Samsung SmartThings authentication. Multiple connected sources confirm an improper authentication flaw in SmartThings versions prior to 1.8.17 that allows remote attackers to bypass the owner-set expiration date for members. Affected software is Samsung SmartThings (SmartT...
CVE-2024-20852
CVE-2024-20852 affects Samsung SmartThings prior to version 1.8.13.22, due to improper verification of intent by a broadcast receiver. Local attackers could access testing configuration. Remediation: upgrade to version 1.8.13.22 or later. No exploitation details are provided in the supplied docum...