VYPR

SmartThings

by Samsung Mobile

CVEs (40)

  • CVE-2018-3918HigAug 27, 2018
    risk 0.49cvss 7.5epss 0.01

    An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for…

  • CVE-2024-34596MedJul 2, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.

  • CVE-2024-20852MedApr 2, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration.

  • CVE-2022-30747MedJun 7, 2022
    risk 0.36cvss 5.5epss 0.00

    PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.

  • CVE-2021-25508MedNov 5, 2021
    risk 0.35cvss 5.3epss 0.01

    Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.

  • CVE-2021-25447MedAug 5, 2021
    risk 0.35cvss 5.3epss 0.01

    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.

  • CVE-2021-25446MedAug 5, 2021
    risk 0.35cvss 5.3epss 0.01

    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.

  • CVE-2021-25378MedApr 9, 2021
    risk 0.28cvss 4.3epss 0.01

    Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.

  • CVE-2023-21432MedFeb 9, 2023
    risk 0.27cvss 4.2epss 0.00

    Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.

  • CVE-2024-49416MedDec 3, 2024
    risk 0.26cvss 4.0epss 0.00

    Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.

  • CVE-2022-39871MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

  • CVE-2022-39870MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

  • CVE-2022-39869MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.

  • CVE-2022-39868MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

  • CVE-2022-39867MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.

  • CVE-2022-39866MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

  • CVE-2022-39865MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

  • CVE-2022-39864LowOct 7, 2022
    risk 0.21cvss 3.3epss 0.00

    Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

  • CVE-2022-30749LowJun 7, 2022
    risk 0.21cvss 3.3epss 0.00

    Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

  • CVE-2021-25404LowJun 11, 2021
    risk 0.21cvss 3.3epss 0.00

    Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.

Page 2 of 2