Every CVE whose affected-product data names Samsung Smartthings, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2025-2233 — CVSS 8.8 (high): Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows…
CVE-2022-30746 — CVSS 7.5 (high): Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript…
CVE-2024-20852 — CVSS 5.9 (medium): Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to…
CVE-2024-34596 — CVSS 5.9 (medium): Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the…
CVE-2022-30747 — CVSS 5.5 (medium): PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via…
CVE-2021-25508 — CVSS 5.3 (medium): Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key…
CVE-2021-25378 — CVSS 4.3 (medium): Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.
CVE-2022-39866 — CVSS 4.0 (medium): Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access…
CVE-2022-39867 — CVSS 4.0 (medium): Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access…
CVE-2022-39868 — CVSS 4.0 (medium): Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive…
CVE-2022-39869 — CVSS 4.0 (medium): Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access…
CVE-2022-39870 — CVSS 4.0 (medium): Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access…
CVE-2022-39871 — CVSS 4.0 (medium): Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access…
CVE-2022-39865 — CVSS 4.0 (medium): Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access…
CVE-2024-49416 — CVSS 4.0 (medium): Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive…
CVE-2022-30749 — CVSS 3.3 (low): Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing…
CVE-2022-39864 — CVSS 3.3 (low): Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access…