Vulnerabilities > Samsung > Smartthings > 1.7.85.25

DATE CVE VULNERABILITY TITLE RISK
2024-07-02 CVE-2024-34596 Improper Authentication vulnerability in Samsung Smartthings
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
network
low complexity
samsung CWE-287
7.5
7.5
2022-10-07 CVE-2022-39865 Unspecified vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12/1.7.85.25
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
network
low complexity
samsung
7.5
7.5
2022-10-07 CVE-2022-39866 Unspecified vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12/1.7.85.25
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
network
low complexity
samsung
7.5
7.5
2022-10-07 CVE-2022-39867 Unspecified vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12/1.7.85.25
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.
network
low complexity
samsung
7.5
7.5
2022-10-07 CVE-2022-39868 Unspecified vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12/1.7.85.25
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
network
low complexity
samsung
7.5
7.5
2022-10-07 CVE-2022-39869 Exposure of Resource to Wrong Sphere vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12/1.7.85.25
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
network
low complexity
samsung CWE-668
7.5
7.5
2022-10-07 CVE-2022-39870 Exposure of Resource to Wrong Sphere vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12/1.7.85.25
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
network
low complexity
samsung CWE-668
7.5
7.5
2022-10-07 CVE-2022-39871 Exposure of Resource to Wrong Sphere vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12/1.7.85.25
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.
network
low complexity
samsung CWE-668
7.5
7.5