Samsung Smartthings
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Samsung Smartthings.
By the Year
In 2025 there have been 0 vulnerabilities in Samsung Smartthings. Last year, in 2024 Smartthings had 2 security vulnerabilities published. Right now, Smartthings is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.50 |
| 2023 | 0 | 0.00 |
| 2022 | 11 | 7.35 |
| 2021 | 2 | 7.55 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Smartthings vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Smartthings Security Vulnerabilities
SmartThings Implicit Intent Information Disclosure Vulnerability
CVE-2024-49416
- December 03, 2024
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.
Improper authentication in SmartThings prior to version 1.8.17
CVE-2024-34596
7.5 - High
- July 02, 2024
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
authentification
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0
CVE-2022-39871
7.5 - High
- October 07, 2022
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0
CVE-2022-39870
7.5 - High
- October 07, 2022
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0
CVE-2022-39869
7.5 - High
- October 07, 2022
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0
CVE-2022-39868
7.5 - High
- October 07, 2022
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0
CVE-2022-39867
7.5 - High
- October 07, 2022
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0
CVE-2022-39866
7.5 - High
- October 07, 2022
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0
CVE-2022-39865
7.5 - High
- October 07, 2022
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25
CVE-2022-39864
7.5 - High
- October 07, 2022
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25
CVE-2022-30747
5.5 - Medium
- June 07, 2022
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
Incorrect Default Permissions
Missing caller check in Smart Things prior to version 1.7.85.12
CVE-2022-30746
7.5 - High
- June 07, 2022
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
AuthZ
Improper access control vulnerability in Smart Things prior to 1.7.85.25
CVE-2022-30749
7.8 - High
- June 07, 2022
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
authentification
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22
CVE-2021-25508
9.8 - Critical
- November 05, 2021
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.
Improper Privilege Management
Improper access control of certain port in SmartThings prior to version 1.7.63.6
CVE-2021-25378
5.3 - Medium
- April 09, 2021
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Samsung Smartthings or by Samsung? Click the Watch button to subscribe.
