CVE-2022-30749

CWE-287Improper Authentication3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 85.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Smart ThingsSamsung Smartthings
Timeline
PublishedJun 7
Latest updateJun 8

Description

Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDsamsung/smartthings< 1.7.85.25
CVEListV5samsung_mobile/smart_thingsunspecified1.7.85.25

🔴Vulnerability Details

2
GHSA
GHSA-7cq7-9j9c-wc2j: Improper access control vulnerability in Smart Things prior to 12022-06-08
CVEList
CVE-2022-30749: Improper access control vulnerability in Smart Things prior to 12022-06-07
CVE-2022-30749 (HIGH CVSS 7.8) | Improper access control vulnerabili | cvebase.io