Improper Access Control in SmartThings by Samsung
CVE-2022-39864

3.3LOW

Key Information:

Vendor: Samsung
Status: Smartthings
Vendor: CVE Published:; 7 October 2022

What is CVE-2022-39864?

An improper access control vulnerability in WifiSetupLaunchHelper of Samsung's SmartThings application could allow malicious actors to exploit implicit intents, leading to unauthorized access to sensitive user data. This flaw could be leveraged by attackers to gain deeper insights into user activity and potentially compromise user privacy. It is crucial for users to upgrade to the latest version, 1.7.89.25 or higher, to mitigate this risk.

Affected Version(s)

SmartThings < 1.7.89.25

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2022
Vulnerability Reserved
Sep 5, 2022