cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49416,https://securityvulnerability.io/vulnerability/CVE-2024-49416,Security Vulnerability in SmartThings Prior to Version 1.8.21 Allows Local Attackers to Access Sensitive Information,Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.,Samsung,Smartthings,4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-03T05:47:59.990Z,0
CVE-2024-20852,https://securityvulnerability.io/vulnerability/CVE-2024-20852,Broadcast Receiver Vulnerability Allows Local Access to Testing Configuration,Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration.,Samsung,Smartthings,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-02T03:15:00.000Z,0
CVE-2022-39865,https://securityvulnerability.io/vulnerability/CVE-2022-39865,Improper Access Control in SmartThings by Samsung,"An improper access control vulnerability exists in SmartThings prior to version 1.7.89.0, where attackers can exploit implicit broadcasts to gain access to sensitive information. This flaw highlights significant security risks associated with insufficient access management within the application, potentially exposing personal user data.",Samsung,Smartthings,4,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2022-39864,https://securityvulnerability.io/vulnerability/CVE-2022-39864,Improper Access Control in SmartThings by Samsung,"An improper access control vulnerability in WifiSetupLaunchHelper of Samsung's SmartThings application could allow malicious actors to exploit implicit intents, leading to unauthorized access to sensitive user data. This flaw could be leveraged by attackers to gain deeper insights into user activity and potentially compromise user privacy. It is crucial for users to upgrade to the latest version, 1.7.89.25 or higher, to mitigate this risk.",Samsung,Smartthings,3.3,LOW,0.001449999981559813,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2022-39866,https://securityvulnerability.io/vulnerability/CVE-2022-39866,Improper Access Control in SmartThings by Samsung,"An improper access control vulnerability exists in SmartThings, potentially allowing unauthorized access to sensitive user information through implicit broadcasts. This issue was identified in versions prior to 1.7.89.0, posing risks to user privacy and data security.",Samsung,Smartthings,4,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2022-39869,https://securityvulnerability.io/vulnerability/CVE-2022-39869,Improper Access Control in SmartThings by Samsung,"An improper access control vulnerability located in the cloudNotificationManager.java of Samsung's SmartThings, prior to version 1.7.89.0, allows unauthorized users to exploit the REMOVE_PERSISTENT_BANNER broadcast. This exploitation can potentially expose sensitive information, placing users at risk. Timely updates and patches are essential for maintaining system integrity.",Samsung,Smartthings,4,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2022-39870,https://securityvulnerability.io/vulnerability/CVE-2022-39870,Improper Access Control in SmartThings by Samsung,"An improper access control vulnerability in SmartThings's cloudNotificationManager.java allows unauthorized attackers to access sensitive information. This occurs via the PUSH_MESSAGE_RECEIVED broadcast, potentially compromising user privacy and security. It is crucial for users to update to version 1.7.89.0 or later to mitigate this risk.",Samsung,Smartthings,4,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2022-39871,https://securityvulnerability.io/vulnerability/CVE-2022-39871,Improper Access Control Vulnerability in SmartThings by Samsung,An improper access control vulnerability affecting the cloudNotificationManager.java component in SmartThings up to version 1.7.89.0 enables unauthorized attackers to gain access to sensitive information through implicit broadcasts. This oversight can potentially expose user data and compromise the security integrity of connected devices.,Samsung,Smartthings,4,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2022-39867,https://securityvulnerability.io/vulnerability/CVE-2022-39867,Improper Access Control in SmartThings by Samsung,"An improper access control vulnerability in SmartThings affects versions prior to 1.7.89.0, allowing unauthorized users to exploit the SHOW_PERSISTENT_BANNER broadcast and gain access to sensitive information. This poses a significant risk to user privacy and data security, making it essential for users to update to the latest version to safeguard their systems.",Samsung,Smartthings,4,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2022-39868,https://securityvulnerability.io/vulnerability/CVE-2022-39868,Improper Access Control in SmartThings by Samsung,"An improper access control issue in SmartThings prior to version 1.7.89.0 allows attackers to exploit implicit broadcast vulnerabilities. This can lead to unauthorized access to sensitive information stored within the SmartThings application, potentially compromising user privacy and security. Users are advised to upgrade to the latest version to mitigate these risks.",Samsung,Smartthings,4,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2022-10-07T00:00:00.000Z,0
CVE-2021-25508,https://securityvulnerability.io/vulnerability/CVE-2021-25508,Improper Privilege Management in SmartThings by Samsung,"The identified vulnerability in SmartThings prior to version 1.7.73.22 pertains to improper privilege management associated with the API Key. This flaw permits potential attackers to misuse the API key without any restrictions, leading to unauthorized access and manipulation of the system. Safeguarding against this vulnerability is crucial to maintain the integrity and security of user accounts and connected devices.",Samsung,Smartthings,5.3,MEDIUM,0.0019399999873712659,false,,false,false,false,,,false,false,,2021-11-05T02:04:10.000Z,0
CVE-2021-25404,https://securityvulnerability.io/vulnerability/CVE-2021-25404,,Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.,Samsung,Smartthings,3.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-11T14:45:23.000Z,0
CVE-2021-25378,https://securityvulnerability.io/vulnerability/CVE-2021-25378,,Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.,Samsung,Smartthings,4.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-04-09T17:39:44.000Z,0
CVE-2018-3914,https://securityvulnerability.io/vulnerability/CVE-2018-3914,,"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long ""sessionToken"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2018-09-21T15:29:00.000Z,0
CVE-2018-3894,https://securityvulnerability.io/vulnerability/CVE-2018-3894,,"An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long ""startTime"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T15:29:00.000Z,0
CVE-2018-3906,https://securityvulnerability.io/vulnerability/CVE-2018-3906,,"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2018-09-21T15:29:00.000Z,0
CVE-2018-3915,https://securityvulnerability.io/vulnerability/CVE-2018-3915,,"An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long ""bucket"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2018-09-21T15:29:00.000Z,0
CVE-2018-3876,https://securityvulnerability.io/vulnerability/CVE-2018-3876,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long ""bucket"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T14:29:00.000Z,0
CVE-2018-3874,https://securityvulnerability.io/vulnerability/CVE-2018-3874,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long ""accessKey"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T14:29:00.000Z,0
CVE-2018-3877,https://securityvulnerability.io/vulnerability/CVE-2018-3877,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long ""directory"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T14:29:00.000Z,0
CVE-2018-3873,https://securityvulnerability.io/vulnerability/CVE-2018-3873,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long ""secretKey"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-21T14:29:00.000Z,0
CVE-2018-3865,https://securityvulnerability.io/vulnerability/CVE-2018-3865,,"An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long ""cameraIp"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-20T15:29:00.000Z,0
CVE-2018-3864,https://securityvulnerability.io/vulnerability/CVE-2018-3864,,"An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long ""password"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-20T15:29:00.000Z,0
CVE-2018-3875,https://securityvulnerability.io/vulnerability/CVE-2018-3875,,"An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long ""sessionToken"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-10T19:29:00.000Z,0
CVE-2018-3897,https://securityvulnerability.io/vulnerability/CVE-2018-3897,,"An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long ""callbackUrl"" value in order to exploit this vulnerability.",Samsung,Smartthings Hub Sth-eth-250,9.9,CRITICAL,0.0007900000200606883,false,,false,false,false,,,false,false,,2018-09-10T15:29:00.000Z,0