What the vulnerability does
01Description
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.
CVSS base score
3.3/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
October 7, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments
CVE-2026-2742 Unauthorized session creation via reserved framework path access
CVE-2024-1478 Maintenance Mode <= 3.0.1 - Information Exposure
CVE-2026-45264 Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
CVE-2019-6810
