Security Vulnerability in SmartThings Prior to Version 1.8.21 Allows Local Attackers to Access Sensitive Information
CVE-2024-49416
4MEDIUM
Summary
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.
Affected Version(s)
SmartThings 1.8.21
References
CVSS V3.1
Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved