Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability
Vulnerability Description
Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615.
CVSS Information
N/A
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Samsung SmartThings 数据伪造问题漏洞
Vulnerability Description
SAMSUNG SmartThings是韩国三星(SAMSUNG)公司的一款可连接智能设备的应用程序。 Samsung SmartThings存在数据伪造问题漏洞,该漏洞源于未正确验证加密签名,可能导致认证绕过。
CVSS Information
N/A
Vulnerability Type
N/A