Samsung Smartthings

20 CVEs affecting Samsung Smartthings. Latest disclosed: 2025-03-11. Critical: 0, High: 2.

Top CVEs affecting Samsung Smartthings
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-2233 | High | 8.8 | 2025-03-11 | Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers… |
| CVE-2022-30746 | High | 7.5 | 2022-06-07 | Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API. |
| CVE-2024-34596 | Medium | 5.9 | 2024-07-02 | Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. |
| CVE-2024-20852 | Medium | 5.9 | 2024-04-02 | Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configur… |
| CVE-2022-30747 | Medium | 5.5 | 2022-06-07 | PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. |
| CVE-2021-25508 | Medium | 5.3 | 2021-11-05 | Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. |
| CVE-2021-25447 | Medium | 5.3 | 2021-08-05 | Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. |
| CVE-2021-25446 | Medium | 5.3 | 2021-08-05 | Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. |
| CVE-2021-25378 | Medium | 4.3 | 2021-04-09 | Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. |
| CVE-2024-49416 | Medium | 4.0 | 2024-12-03 | Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. |
| CVE-2022-39871 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information v… |
| CVE-2022-39870 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information v… |
| CVE-2022-39869 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information v… |
| CVE-2022-39868 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implic… |
| CVE-2022-39867 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information v… |
| CVE-2022-39866 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via… |
| CVE-2022-39865 | Medium | 4.0 | 2022-10-07 | Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information vi… |
| CVE-2022-39864 | Low | 3.3 | 2022-10-07 | Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via i… |
| CVE-2022-30749 | Low | 3.3 | 2022-06-07 | Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. |
| CVE-2021-25404 | Low | 3.3 | 2021-06-11 | Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. |