Details of VAR-202404-1520

ID

VAR-202404-1520

CVE

CVE-2024-20852

TITLE

Samsung's SmartThings Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-026269

DESCRIPTION

Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration. Samsung's SmartThings Exists in unspecified vulnerabilities.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2024-20852 // JVNDB: JVNDB-2024-026269

AFFECTED PRODUCTS

vendor:	samsung	model:	smartthings	scope:	lt	version:	1.8.13.22	Trust: 1.0
vendor:	サムスン	model:	smartthings	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	smartthings	scope:	eq	version:	1.8.13.22	Trust: 0.8
vendor:	サムスン	model:	smartthings	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-026269 // NVD: CVE-2024-20852

CVSS

SEVERITY

CVSSV2

CVSSV3

mobile.security@samsung.com:	CVE-2024-20852
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-20852
value:	LOW
Trust: 1.0
NVD:	CVE-2024-20852
value:	LOW
Trust: 0.8

mobile.security@samsung.com:	CVE-2024-20852
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-20852
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2024-20852
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-026269 // NVD: CVE-2024-20852 // NVD: CVE-2024-20852

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-026269 // NVD: CVE-2024-20852

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20852	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-026269	Trust: 0.8

sources: JVNDB: JVNDB-2024-026269 // NVD: CVE-2024-20852

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2024&month=04	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20852	Trust: 0.8

sources: JVNDB: JVNDB-2024-026269 // NVD: CVE-2024-20852

SOURCES

db:	JVNDB	id:	JVNDB-2024-026269
db:	NVD	id:	CVE-2024-20852

LAST UPDATE DATE

2025-07-20T23:20:50.731000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-026269	date:	2025-07-18T01:57:00
db:	NVD	id:	CVE-2024-20852	date:	2025-07-17T17:11:58.510

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-026269	date:	2025-07-18T00:00:00
db:	NVD	id:	CVE-2024-20852	date:	2024-04-02T03:15:10.460