Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Smartthings
(Samsung)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-02 | CVE-2024-34596 | Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. | Smartthings | 7.5 | ||
| 2022-06-07 | CVE-2022-30746 | Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | Smartthings | 7.5 | ||
| 2022-10-07 | CVE-2022-39864 | Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. | Smartthings | 7.5 | ||
| 2022-10-07 | CVE-2022-39865 | Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | Smartthings | 7.5 | ||
| 2022-10-07 | CVE-2022-39866 | Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | Smartthings | 7.5 | ||
| 2022-10-07 | CVE-2022-39867 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | Smartthings | 7.5 | ||
| 2022-10-07 | CVE-2022-39868 | Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | Smartthings | 7.5 | ||
| 2022-10-07 | CVE-2022-39869 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | Smartthings | 7.5 | ||
| 2022-10-07 | CVE-2022-39870 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | Smartthings | 7.5 | ||
| 2022-10-07 | CVE-2022-39871 | Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | Smartthings | 7.5 |