Jeremy Chatterson

**Name of the Vulnerable Software and Affected Versions** Waterplugin versions prior to 2.2.11.22081151 **Description** The issue is related to improper restriction of broadcasting Intent in SaWebViewRelayActivity, allowing an attacker to access files without permission. **Recommendations** For versions prior to 2.2.11.22081151, update to version 2.2.11.22081151 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Internet versions prior to 17.0.1.69 **Description** The issue is related to an improper auto-fill algorithm, which allows physical attackers to guess stored credit card numbers. **Recommendations** For versions prior to 17.0.1.69, update to version 17.0.1.69 or later to resolve the issue. As a temporary workaround, consider disabling the auto-fill feature in Samsung Internet until a patch is available. Restrict access to sensitive information, such as stored credit card numbers, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Smart Things versions prior to 1.7.85.25 **Description** The issue is related to improper access control, allowing local attackers to add arbitrary smart devices by bypassing login activity. This could potentially lead to unauthorized access and control of smart devices connected to the system. **Recommendations** For versions prior to 1.7.85.25, update to version 1.7.85.25 or later to resolve the issue. As a temporary workaround, consider restricting local access to the Smart Things system to minimize the risk of exploitation.