□ Overview
o Xi S&D Inc. released a security update to address an authentication bypass vulnerability in the S&D smarthome (smartcare) application.
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Improper Authentication | authentication bypass and privilege escalation | High | 7.3 | CVE-2021-26638
□ Description
o An improper authentication vulnerability in the S&D smarthome (smartcare) application can cause authentication bypass and information exposure.
o Remote attackers can use this vulnerability to take control of the home environment, including indoor control.
□ Affected Product
Affected Product
Product | Version | Platform
S&D smarthome (smartcare) | prior to 3.2.48 | Android
□ Solution
o Update the S&D smarthome (smartcare) application to version 3.3.10 or higher.
□ Reference
[1] https://www.xisnd.com/
□ Acknowledgements
o Thanks to Youngwoo Kwon for reporting this vulnerability.
□ Written by: Incident Analysis Division, Vulnerability Analysis Team