Missing caller check in Smart Things prior to version 1.7.85.12 allows malicious user to access senstive information remotely using javascript interface API.
samsung smartthings