VYPR

SmartThings

by Samsung Mobile

CVEs (41)

  • CVE-2022-30747MedJun 7, 2022
    risk 0.36cvss 5.5epss 0.00

    PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.

  • CVE-2021-25508MedNov 5, 2021
    risk 0.35cvss 5.3epss 0.01

    Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.

  • CVE-2021-25447MedAug 5, 2021
    risk 0.35cvss 5.3epss 0.01

    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.

  • CVE-2021-25446MedAug 5, 2021
    risk 0.35cvss 5.3epss 0.01

    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.

  • CVE-2021-25378MedApr 9, 2021
    risk 0.28cvss 4.3epss 0.01

    Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.

  • CVE-2023-21432MedFeb 9, 2023
    risk 0.27cvss 4.2epss 0.00

    Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.

  • CVE-2022-39871MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

  • CVE-2022-39870MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

  • CVE-2022-39869MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.

  • CVE-2022-39868MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

  • CVE-2022-39867MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.

  • CVE-2022-39866MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

  • CVE-2022-39865MedOct 7, 2022
    risk 0.26cvss 4.0epss 0.00

    Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

  • CVE-2022-39864LowOct 7, 2022
    risk 0.21cvss 3.3epss 0.00

    Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

  • CVE-2022-30749LowJun 7, 2022
    risk 0.21cvss 3.3epss 0.00

    Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

  • CVE-2021-25404LowJun 11, 2021
    risk 0.21cvss 3.3epss 0.00

    Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.

  • CVE-2025-2233Mar 11, 2025
    risk 0.00cvss epss 0.01

    Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit…

  • CVE-2024-49416Dec 3, 2024
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.

  • CVE-2024-34606Aug 7, 2024
    risk 0.00cvss epss 0.00

    Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

  • CVE-2024-34596Jul 2, 2024
    risk 0.00cvss epss 0.00

    Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.