Sign-up

ID

VAR-202210-0240


CVE

CVE-2022-39866


TITLE

Samsung's  Android  for  SmartThings  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018627

DESCRIPTION

Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. Samsung's Android for SmartThings Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2022-39866 // JVNDB: JVNDB-2022-018627

AFFECTED PRODUCTS

vendor:samsungmodel:smartthingsscope:ltversion:1.7.89.0

Trust: 1.0

vendor:サムスンmodel:smartthingsscope:eqversion:1.7.89.0

Trust: 0.8

vendor:サムスンmodel:smartthingsscope:eqversion: -

Trust: 0.8

vendor:サムスンmodel:smartthingsscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018627 // NVD: CVE-2022-39866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-39866
value: HIGH

Trust: 1.0

mobile.security@samsung.com: CVE-2022-39866
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-39866
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-280
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-39866
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-39866
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-39866
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018627 // CNNVD: CNNVD-202210-280 // NVD: CVE-2022-39866 // NVD: CVE-2022-39866

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018627 // NVD: CVE-2022-39866

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-280

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-280

PATCH

title:SAMSUNG Mobile devices Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210310

Trust: 0.6

sources: CNNVD: CNNVD-202210-280

EXTERNAL IDS

db:NVDid:CVE-2022-39866

Trust: 3.2

db:JVNDBid:JVNDB-2022-018627

Trust: 0.8

db:CNNVDid:CNNVD-202210-280

Trust: 0.6

sources: JVNDB: JVNDB-2022-018627 // CNNVD: CNNVD-202210-280 // NVD: CVE-2022-39866

REFERENCES

url:https://security.samsungmobile.com/serviceweb.smsb?year=2022&month=10

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-39866

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-39866/

Trust: 0.6

sources: JVNDB: JVNDB-2022-018627 // CNNVD: CNNVD-202210-280 // NVD: CVE-2022-39866

SOURCES

db:JVNDBid:JVNDB-2022-018627
db:CNNVDid:CNNVD-202210-280
db:NVDid:CVE-2022-39866

LAST UPDATE DATE

2024-08-14T15:27:04.586000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-018627date:2023-10-20T08:26:00
db:CNNVDid:CNNVD-202210-280date:2023-06-28T00:00:00
db:NVDid:CVE-2022-39866date:2023-06-27T16:15:55.140

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-018627date:2023-10-20T00:00:00
db:CNNVDid:CNNVD-202210-280date:2022-10-07T00:00:00
db:NVDid:CVE-2022-39866date:2022-10-07T15:15:21.983