CVE-2022-39869 CloudNotificationManager allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
The vulnerability is caused by improper access control in cloudNotificationManager.java. An attacker can send a message to a smart device via the REMOVE_
CVE-2022-39871 In SmartThings before version 1.7.89.0, attackers can access sensitive information via implicit broadcasts.
To exploit this issue, an attacker would need to know the access code of the affected device. This can be discovered by observing the range
CVE-2022-39864 In SmartThings WifiSetupLaunchHelper prior to version 1.7.89.25, attackers can access sensitive information if the app has an implicit intent.
A security issue has been identified in a widely used smart home device that could allow information to be leaked via the device’s API.
CVE-2022-41672 Before version 2.4.1, deactivating a user wouldn't stop an already authenticated user from using the UI or API.
We've now added the ability to deactivate users via the Admin UI, Admin API, and CLI. Doing so will prevent users from being
CVE-2022-42249 The Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=
An attacker can inject malicious script code via the value of the storage_id parameter to execute arbitrary SQL commands. In addition, the /csms/admin/