Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

samsung smartthings vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2021-25508
Improper privilege management vulnerability in API Key used in SmartThings before 1.7.73.22 allows an malicious user to abuse the API key without limitation.
Samsung Smartthings
5.5
CVSSv3
CVE-2022-30747
PendingIntent hijacking vulnerability in Smart Things before 1.7.85.25 allows local malicious users to access files without permission via implicit Intent.
Samsung Smartthings
5.3
CVSSv3
CVE-2021-25378
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.
Samsung Smartthings
7.8
CVSSv3
CVE-2022-30749
Improper access control vulnerability in Smart Things before 1.7.85.25 allows local malicious users to add arbitrary smart devices by bypassing login activity.
Samsung Smartthings
7.5
CVSSv3
CVE-2022-39867
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows malicious users to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.
Samsung Smartthings
7.5
CVSSv3
CVE-2022-39870
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows malicious users to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
Samsung Smartthings
7.5
CVSSv3
CVE-2022-39865
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows malicious users to access sensitive information via implicit broadcast.
Samsung Smartthings
7.5
CVSSv3
CVE-2022-39866
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows malicious users to access sensitive information via implicit broadcast.
Samsung Smartthings
7.5
CVSSv3
CVE-2022-30746
Missing caller check in Smart Things prior to version 1.7.85.12 allows malicious user to access senstive information remotely using javascript interface API.
Samsung Smartthings
7.5
CVSSv3
CVE-2022-39868
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows malicious users to access sensitive information via implicit broadcast.
Samsung Smartthings
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook