Samsung Mobile Smartthings vulnerabilities

CVE-2022-39871 [MEDIUM] CWE-284 CVE-2022-39871: Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

CVE-2022-39866 [MEDIUM] CWE-284 CVE-2022-39866: Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7 Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

CVE-2022-39870 [MEDIUM] CWE-284 CVE-2022-39870: Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

CVE-2022-39869 [MEDIUM] CWE-284 CVE-2022-39869: Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.

CVE-2022-39868 [MEDIUM] CWE-284 CVE-2022-39868: Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

CVE-2022-39865 [MEDIUM] CWE-284 CVE-2022-39865: Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1 Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

CVE-2022-39864 [LOW] CWE-284 CVE-2022-39864: Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.8 Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

CVE-2022-39867 [MEDIUM] CWE-284 CVE-2022-39867: Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.

CVE-2021-25508 [MEDIUM] CWE-269 CVE-2021-25508: Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.

CVE-2021-25404 [LOW] CWE-922 CVE-2021-25404: Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to acce Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.

CVE-2021-25378 [MEDIUM] CWE-20 CVE-2021-25378: Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote tempo Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.