1.7.85.25

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

samsung

CWE-668

NVD

Published: 2022-10-07

Updated: 2022-10-11

Summary

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

Vulnerable Configurations

Part	Description	Count
Application	Samsung Samsung Smartthings - Samsung Smartthings 1.7.73.22 Samsung Smartthings 1.7.85.12 Samsung Smartthings 1.7.85.25	4

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10