This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.
Max CVSS: 9.8 | EPSS Score: 1.85% | Published: 2023-09-04 | Updated: 2023-09-08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.
Max CVSS: 9.8 | EPSS Score: 1.85% | Published: 2023-09-04 | Updated: 2023-09-08
The public API error allows an attacker to bypass API access control.
Max CVSS: 9.8 | EPSS Score: 0.23% | Published: 2022-03-11 | Updated: 2023-07-03
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
Max CVSS: 10.0 | EPSS Score: 1.95% | Published: 2021-08-24 | Updated: 2021-09-09
A vulnerability in LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to a wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.
Max CVSS: 9.3 | EPSS Score: 0.09% | Published: 2020-03-23 | Updated: 2022-04-22
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
Max CVSS: 9.8 | EPSS Score: 88.05% | Published: 2018-09-21 | Updated: 2019-05-06
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
Max CVSS: 8.6 | EPSS Score: 12.06% | Published: 2018-09-14 | Updated: 2018-11-07
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
Max CVSS: 9.8 | EPSS Score: 0.58% | Published: 2018-09-14 | Updated: 2018-11-07
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
Max CVSS: 9.8 | EPSS Score: 0.66% | Published: 2018-09-14 | Updated: 2018-11-07

CVE-2018-14839

Known exploited
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
Max CVSS: 9.8 | EPSS Score: 8.57% | Published: 2019-05-14 | Updated: 2019-10-03 | CISA KEV Added: 2022-03-25
LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request.
Max CVSS: 8.3 | EPSS Score: 1.36% | Published: 2015-02-17 | Updated: 2018-10-09
11 vulnerabilities found