CVE-2021-25446
published 2021-08-05CVE-2021-25446: Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | smartthings_firmware | < 1.7.67.25 | 1.7.67.25 |
| samsung_mobile | smart_things | >= - < 1.7.67.25 | 1.7.67.25 |