CVE-2021-25508
published 2021-11-05CVE-2021-25508: Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | smartthings | < 1.7.73.22 | 1.7.73.22 |
| samsung_mobile | smartthings | >= - < 1.7.73.22 | 1.7.73.22 |