Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for Smart Things by Samsung Mobile

    CVE-2023-21432 (GCVE-0-2023-21432)

    Vulnerability from nvd – Published: 2023-02-09 00:00 – Updated: 2025-03-24 18:56
    VLAI
    Summary
    Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: unspecified , < 1.7.93 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:36:34.594Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T18:56:09.210237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T18:56:24.483Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.93",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285:   Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-09T00:00:00.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-21432",
        "datePublished": "2023-02-09T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-03-24T18:56:24.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30749 (GCVE-0-2022-30749)

    Vulnerability from nvd – Published: 2022-06-07 18:21 – Updated: 2024-08-03 06:56
    VLAI
    Summary
    Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: unspecified , < 1.7.85.25 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:14.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.85.25",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-07T18:21:27.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2022-30749",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.7.85.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2022-30749",
        "datePublished": "2022-06-07T18:21:27.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:14.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30747 (GCVE-0-2022-30747)

    Vulnerability from nvd – Published: 2022-06-07 18:20 – Updated: 2024-08-03 06:56
    VLAI
    Summary
    PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: unspecified , < 1.7.85.25 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:13.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.85.25",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-07T18:20:41.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2022-30747",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.7.85.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-276: Incorrect Default Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2022-30747",
        "datePublished": "2022-06-07T18:20:41.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:13.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30746 (GCVE-0-2022-30746)

    Vulnerability from nvd – Published: 2022-06-07 18:20 – Updated: 2024-08-03 06:56
    VLAI
    Summary
    Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: unspecified , < 1.7.85.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:14.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.85.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-07T18:20:19.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2022-30746",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.7.85.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2022-30746",
        "datePublished": "2022-06-07T18:20:19.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:14.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25447 (GCVE-0-2021-25447)

    Vulnerability from nvd – Published: 2021-08-05 19:43 – Updated: 2024-08-03 20:03
    VLAI
    Summary
    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: - , < 1.7.67.25 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:03:05.760Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.67.25",
                  "status": "affected",
                  "version": "-",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T19:43:56.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2021-25447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "-",
                                "version_value": "1.7.67.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview."
                }
              ]
            },
            "impact": {
              "cvss": {
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2021-25447",
        "datePublished": "2021-08-05T19:43:56.000Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:03:05.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25446 (GCVE-0-2021-25446)

    Vulnerability from nvd – Published: 2021-08-05 19:43 – Updated: 2024-08-03 20:03
    VLAI
    Summary
    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: - , < 1.7.67.25 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:03:05.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.67.25",
                  "status": "affected",
                  "version": "-",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T19:43:49.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2021-25446",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "-",
                                "version_value": "1.7.67.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview."
                }
              ]
            },
            "impact": {
              "cvss": {
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2021-25446",
        "datePublished": "2021-08-05T19:43:49.000Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:03:05.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-21432 (GCVE-0-2023-21432)

    Vulnerability from cvelistv5 – Published: 2023-02-09 00:00 – Updated: 2025-03-24 18:56
    VLAI
    Summary
    Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: unspecified , < 1.7.93 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:36:34.594Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=01"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T18:56:09.210237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T18:56:24.483Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.93",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285:   Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-09T00:00:00.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2023-21432",
        "datePublished": "2023-02-09T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-03-24T18:56:24.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30749 (GCVE-0-2022-30749)

    Vulnerability from cvelistv5 – Published: 2022-06-07 18:21 – Updated: 2024-08-03 06:56
    VLAI
    Summary
    Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: unspecified , < 1.7.85.25 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:14.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.85.25",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-07T18:21:27.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2022-30749",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.7.85.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287: Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2022-30749",
        "datePublished": "2022-06-07T18:21:27.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:14.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30747 (GCVE-0-2022-30747)

    Vulnerability from cvelistv5 – Published: 2022-06-07 18:20 – Updated: 2024-08-03 06:56
    VLAI
    Summary
    PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: unspecified , < 1.7.85.25 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:13.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.85.25",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-07T18:20:41.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2022-30747",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.7.85.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-276: Incorrect Default Permissions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2022-30747",
        "datePublished": "2022-06-07T18:20:41.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:13.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30746 (GCVE-0-2022-30746)

    Vulnerability from cvelistv5 – Published: 2022-06-07 18:20 – Updated: 2024-08-03 06:56
    VLAI
    Summary
    Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: unspecified , < 1.7.85.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:56:14.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.85.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-07T18:20:19.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2022-30746",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.7.85.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=6"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2022-30746",
        "datePublished": "2022-06-07T18:20:19.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:56:14.008Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25447 (GCVE-0-2021-25447)

    Vulnerability from cvelistv5 – Published: 2021-08-05 19:43 – Updated: 2024-08-03 20:03
    VLAI
    Summary
    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: - , < 1.7.67.25 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:03:05.760Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.67.25",
                  "status": "affected",
                  "version": "-",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T19:43:56.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2021-25447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "-",
                                "version_value": "1.7.67.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview."
                }
              ]
            },
            "impact": {
              "cvss": {
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2021-25447",
        "datePublished": "2021-08-05T19:43:56.000Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:03:05.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-25446 (GCVE-0-2021-25446)

    Vulnerability from cvelistv5 – Published: 2021-08-05 19:43 – Updated: 2024-08-03 20:03
    VLAI
    Summary
    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Smart Things Affected: - , < 1.7.67.25 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:03:05.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Things",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "1.7.67.25",
                  "status": "affected",
                  "version": "-",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T19:43:49.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2021-25446",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Smart Things",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "-",
                                "version_value": "1.7.67.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview."
                }
              ]
            },
            "impact": {
              "cvss": {
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=8"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2021-25446",
        "datePublished": "2021-08-05T19:43:49.000Z",
        "dateReserved": "2021-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:03:05.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }