The vulnerability is caused by improper access control in the cloudNotificationManager.java class. An attacker can send a malicious message to the SmartThings cloud and obtain access to any device. This access can be used to obtain sensitive information, shut down devices, etc. PEDRIVE T&E reports that due to this issue, SmartThings prior to version 1.7.89.0 can be accessed via a malicious message that allows the attacker to obtain any device information.

Vulnerability Scenario

The vulnerability affects SmartThings version 1.7.89.0 and older versions.

How to trigger the vulnerability?

An attacker can send a malicious message to the SmartThings cloud and obtain access to any device. This access can be used to obtain sensitive information, shut down devices, etc. PEDRIVE T&E reports that due to this issue, SmartThings prior to version 1.7.89.0 can be accessed via a malicious message that allows the attacker to obtain any device information.

Timeline

Published on: 10/07/2022 15:15:00 UTC
Last modified on: 10/11/2022 19:39:00 UTC
