Samsung Smartthings
20 CVEs affecting Samsung Smartthings. Latest disclosed: 2025-03-11. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-2233 | High | 8.8 | 2025-03-11 | Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers… |
CVE-2022-30746 | High | 7.5 | 2022-06-07 | Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. |
CVE-2024-34596 | Medium | 5.9 | 2024-07-02 | Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. |
CVE-2024-20852 | Medium | 5.9 | 2024-04-02 | Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configur… |
CVE-2022-30747 | Medium | 5.5 | 2022-06-07 | PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. |
CVE-2021-25508 | Medium | 5.3 | 2021-11-05 | Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. |
CVE-2021-25447 | Medium | 5.3 | 2021-08-05 | Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. |
CVE-2021-25446 | Medium | 5.3 | 2021-08-05 | Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. |
CVE-2021-25378 | Medium | 4.3 | 2021-04-09 | Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. |
CVE-2024-49416 | Medium | 4.0 | 2024-12-03 | Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. |
CVE-2022-39871 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information v… |
CVE-2022-39870 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information v… |
CVE-2022-39869 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information v… |
CVE-2022-39868 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implic… |
CVE-2022-39867 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information v… |
CVE-2022-39866 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via… |
CVE-2022-39865 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information vi… |
CVE-2022-39864 | Low | 3.3 | 2022-10-07 | Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via i… |
CVE-2022-30749 | Low | 3.3 | 2022-06-07 | Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. |
CVE-2021-25404 | Low | 3.3 | 2021-06-11 | Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. |