ID

VAR-202108-0726


CVE

CVE-2021-25447


TITLE

Authentication vulnerabilities in SmartThings

Trust: 0.8

sources: JVNDB: JVNDB-2021-009504

DESCRIPTION

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. SmartThings contains an authentication vulnerability. Information may be tampered with. Samsung SmartThings is an application from South Korea's Samsung that can connect to smart devices.

Trust: 2.25

sources: NVD: CVE-2021-25447 // JVNDB: JVNDB-2021-009504 // CNVD: CNVD-2023-95334 // VULMON: CVE-2021-25447

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-95334

AFFECTED PRODUCTS

vendor: samsung, model: smartthings, scope: lt, version: 1.7.67.25

Trust: 1.6

vendor: サムスン, model: smartthings, scope: eq, version: 1.7.67.25

Trust: 0.8

vendor: サムスン, model: smartthings, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2023-95334 // JVNDB: JVNDB-2021-009504 // NVD: CVE-2021-25447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25447
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-25447
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-95334
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-476
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-25447
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-25447
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2023-95334
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-25447
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-25447
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-95334 // VULMON: CVE-2021-25447 // JVNDB: JVNDB-2021-009504 // CNNVD: CNNVD-202108-476 // NVD: CVE-2021-25447

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009504 // NVD: CVE-2021-25447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-476

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-476

PATCH

title: Security Updates (AUG-2021 Updates), url: https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=8

Trust: 0.8

title: Patch for Samsung SmartThings Access Control Error Vulnerability (CNVD-2023-95334), url: https://www.cnvd.org.cn/patchInfo/show/357226

Trust: 0.6

title: Samsung SmartThings Remediation measures for authorization problem vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=159865

Trust: 0.6

sources: CNVD: CNVD-2023-95334 // JVNDB: JVNDB-2021-009504 // CNNVD: CNNVD-202108-476

EXTERNAL IDS

db: NVD, id: CVE-2021-25447

Trust: 3.9

db: JVNDB, id: JVNDB-2021-009504

Trust: 0.8

db: CNVD, id: CNVD-2023-95334

Trust: 0.6

db: CNNVD, id: CNNVD-202108-476

Trust: 0.6

db: VULMON, id: CVE-2021-25447

Trust: 0.1

sources: CNVD: CNVD-2023-95334 // VULMON: CVE-2021-25447 // JVNDB: JVNDB-2021-009504 // CNNVD: CNNVD-202108-476 // NVD: CVE-2021-25447

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-25447

Trust: 2.0

url:https://security.samsungmobile.com/serviceweb.smsb?year=2021&month=8

Trust: 1.7

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-95334 // VULMON: CVE-2021-25447 // JVNDB: JVNDB-2021-009504 // CNNVD: CNNVD-202108-476 // NVD: CVE-2021-25447

SOURCES

db: CNVD, id: CNVD-2023-95334
db: VULMON, id: CVE-2021-25447
db: JVNDB, id: JVNDB-2021-009504
db: CNNVD, id: CNNVD-202108-476
db: NVD, id: CVE-2021-25447

LAST UPDATE DATE

2024-08-14T13:43:25.824000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-95334, date: 2023-12-05T00:00:00
db: VULMON, id: CVE-2021-25447, date: 2021-08-12T00:00:00
db: JVNDB, id: JVNDB-2021-009504, date: 2022-05-02T02:40:00
db: CNNVD, id: CNNVD-202108-476, date: 2022-09-26T00:00:00
db: NVD, id: CVE-2021-25447, date: 2022-09-23T19:11:37.137

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-95334, date: 2022-10-17T00:00:00
db: VULMON, id: CVE-2021-25447, date: 2021-08-05T00:00:00
db: JVNDB, id: JVNDB-2021-009504, date: 2022-05-02T00:00:00
db: CNNVD, id: CNNVD-202108-476, date: 2021-08-05T00:00:00
db: NVD, id: CVE-2021-25447, date: 2021-08-05T20:15:08.313