cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-21432,https://securityvulnerability.io/vulnerability/CVE-2023-21432,Improper Access Control in Samsung Smart Things Product,"Samsung Smart Things prior to version 1.7.93 is susceptible to improper access control vulnerabilities, enabling unauthorized users to invite others without the owner's consent. This flaw poses significant security risks, as it allows potential attackers to manipulate access to the service, undermining user privacy and data integrity. It is recommended that users upgrade to the latest version to mitigate these risks effectively.",Samsung,Smart Things,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-02-09T00:00:00.000Z,0
CVE-2022-30749,https://securityvulnerability.io/vulnerability/CVE-2022-30749,Improper Access Control in Smart Things by Samsung,An improper access control vulnerability in Samsung's Smart Things application prior to version 1.7.85.25 allows local attackers to bypass login mechanisms and add any arbitrary smart device to the network. This flaw poses significant risks to device security and could lead to unauthorized access and control over smart home systems.,Samsung,Smart Things,3.3,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-06-07T18:21:27.000Z,0
CVE-2022-30747,https://securityvulnerability.io/vulnerability/CVE-2022-30747,Local File Access Vulnerability in Smart Things by Samsung,"A local file access vulnerability exists in Smart Things prior to version 1.7.85.25 that allows local attackers to leverage PendingIntent hijacking. This flaw enables unauthorized access to files without the necessary permissions, potentially exposing sensitive user information or leading to further exploitation.",Samsung,Smart Things,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-06-07T18:20:41.000Z,0
CVE-2022-30746,https://securityvulnerability.io/vulnerability/CVE-2022-30746,Missing Caller Check in Smart Things by Samsung,"A missing caller check in Samsung Smart Things versions prior to 1.7.85.12 allows an attacker to exploit the Javascript interface API, potentially accessing sensitive information remotely. This vulnerability highlights the importance of implementing robust security measures to prevent unauthorized access to critical user data.",Samsung,Smart Things,7.5,HIGH,0.0017500000540167093,false,,false,false,false,,,false,false,,2022-06-07T18:20:19.000Z,0
CVE-2021-25447,https://securityvulnerability.io/vulnerability/CVE-2021-25447,Improper Access Control in Samsung SmartThings Webview,"An improper access control vulnerability in Samsung SmartThings prior to version 1.7.67.25 allows untrusted applications to exploit webview functionalities, resulting in potential local file inclusion. This flaw can lead to unauthorized access to sensitive files on the device, emphasizing the need for timely updates to maintain app security and integrity.",Samsung,Smart Things,5.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-08-05T19:43:56.000Z,0
CVE-2021-25446,https://securityvulnerability.io/vulnerability/CVE-2021-25446,Improper Access Control in SmartThings by Samsung,"An improper access control vulnerability affects SmartThings applications prior to version 1.7.67.25, allowing untrusted applications to load arbitrary webpages within webview. This could potentially expose users to phishing attacks or malicious content, as the vulnerability enables unauthorized access and manipulation of web resources. It is essential for users and administrators to update to the latest version to mitigate associated risks.",Samsung,Smart Things,5.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-08-05T19:43:49.000Z,0