Samsung: >> Smartthings Security Vulnerabilities
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
CVSS Score
4.0
EPSS Score
0.002
Published
2022-10-07
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-06-07
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-06-07
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-06-07
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-11-05
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-08-05
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-08-05
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
CVSS Score
3.3
EPSS Score
0.001
Published
2021-06-11
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.
CVSS Score
4.3
EPSS Score
0.004
Published
2021-04-09
Page 2