
Security Advisory

CVE-2021-26638 | Xi Smarthome wallpad authentication bypass vulnerability
2022.06.22
□ Overview
 o Xi S&D Inc. released a security update to address an authentication bypass vulnerability in the S&D smarthome(smartcare) application.
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Improper Authentication | authentication bypass and privilege escalation | High | 7.3 | CVE-2021-26638

□ Description
 o An improper authentication vulnerability in the S&D smarthome(smartcare) application can cause authentication bypass and information exposure.
 o Remote attackers can use this vulnerability to take control of the home environment, including indoor control.

□ Affected Product
Affected Product
Product | Version | Platform
S&D smarthome (smartcare) | prior to 3.2.48 | Android

□ Solution
 o Update the S&D smarthome(smartcare) application to version 3.3.10 or higher.

□ Reference
[1] https://www.xisnd.com/

□ Acknowledgements
 o Thanks to Youngwoo Kwon for reporting this vulnerability.


□ Author: Vulnerability Analysis Team, Incident Analysis Division