PT-2022-20288 · Unknown · Smartthings
Jeremy Chatterson
·
Published
2022-06-07
·
Updated
2022-06-16
·
CVE-2022-30749
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Smart Things versions prior to 1.7.85.25
Description
The issue is related to improper access control, allowing local attackers to add arbitrary smart devices by bypassing login activity. This could potentially lead to unauthorized access and control of smart devices connected to the system.
Recommendations
For versions prior to 1.7.85.25, update to version 1.7.85.25 or later to resolve the issue. As a temporary workaround, consider restricting local access to the Smart Things system to minimize the risk of exploitation.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Smartthings