Samsung Mobile Smart Things vulnerabilities

CVE-2023-21432 [MEDIUM] CWE-285 CVE-2023-21432: Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.

CVE-2022-30746 [HIGH] CWE-285 CVE-2022-30746: Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive i Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.

CVE-2022-30749 [LOW] CWE-287 CVE-2022-30749: Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to a Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

CVE-2022-30747 [MEDIUM] CWE-276 CVE-2022-30747: PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to a PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.

CVE-2021-25447 [MEDIUM] CWE-284 CVE-2021-25447: Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted app Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.

CVE-2021-25446 [MEDIUM] CWE-284 CVE-2021-25446: Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted app Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.