CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2863 – Path traversal via file upload on LG LED Assistant
https://notcve.org/view.php?id=CVE-2024-2863
25 Mar 2024 — This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. Esta vulnerabilidad permite a atacantes remotos atravesar rutas mediante la carga de archivos en el LG LED Assistant afectado. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-35: Path Traversal: '.../ •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2862 – Password reset vulnerability without authorization on LG LED Assistant
https://notcve.org/view.php?id=CVE-2024-2862
25 Mar 2024 — This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. Esta vulnerabilidad permite a atacantes remotos restablecer la contraseña de usuarios anónimos sin autorización en el LG LED Assistant afectado. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4616 – thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-4616
04 Sep 2023 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4615 – updateFile Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-4615
04 Sep 2023 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-4614 – setThumbnailRC Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-4614
04 Sep 2023 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-4613 – Upload Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-4613
04 Sep 2023 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •