CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26638

HIGH
7.3
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile1.24th
PublishedJun 23, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control.

Affected Platforms (CPE)

📦
Xisnd

S\&d Smarthome

<= 3.2.48

References & Advisories

🔗 https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783
🔗 https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66783

Related Vulnerabilities

CVE-2019-1106310.0

A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an...

CVE-2020-95509.8

Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to snif...

CVE-2020-141147.5

information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensit...

CVE-2017-27047.5

Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentC...