CVE-2022-30746 HIGH

CVE-2022-30746

Vendor Samsung Mobile

Product Smart Things

Weakness CWE-285

Published June 7, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.

Key dates

02Disclosure timeline

June 7, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-30746 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

04Related CVE

CVE-2026-1193 MineAdmin View view improper authorization CVE-2021-28500 An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. CVE-2024-24936 CVE-2023-36633 CVE-2025-14348 weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure

Identifiers

CVE CVE-2022-30746

CWE CWE-285

CVSS 7.5 / HIGH

Affected versions

Vendor Samsung Mobile

Product Smart Things

Affected ≥ unspecified and < 1.7.85.12