CVE-2023-21432
MEDIUM
Samsung SmartThings < 1.7.93 - Unauthenticated User Invitation via Improper Access Control
Title source: llm
Description
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner.
Scores
CVSS v3: 4.2
EPSS: 0.0004
EPSS Percentile: 14.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-285
Status: published
Products (1): samsung/smart_things < 1.7.93
Published: Feb 09, 2023
Tracked Since: Feb 18, 2026