Smart Things
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30746 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2022 | Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | ||
| CVE-2022-30747 | Med | 0.36 | 5.5 | 0.00 | Jun 7, 2022 | PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. | ||
| CVE-2023-21432 | Med | 0.27 | 4.2 | 0.00 | Feb 9, 2023 | Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. |
- risk 0.49cvss 7.5epss 0.01
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
- risk 0.36cvss 5.5epss 0.00
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
- risk 0.27cvss 4.2epss 0.00
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.