Lucene search

Samsung MobileCVELIST:CVE-2022-39864

HistoryOct 07, 2022 - 12:00 a.m.

CVE-2022-39864

2022-10-0700:00:00

CWE-284

Samsung Mobile

www.cve.org

cve-2022-39864

wifisetuplaunchhelper

smartthings

access control

sensitive information

implicit intent

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

41.9%

JSON

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "SmartThings",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "1.7.89.25",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for CVELIST:CVE-2022-39864