CVE-2018-16288 – LG SuperSign EZ CMS 2.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2018-16288
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign CMS permite la lectura de archivos arbitrarios mediante los URI signEzUI playlist edit upload ..%2f. LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/45440 http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-16946 – LG Smart IP Camera 1508190 - Backup File Download
https://notcve.org/view.php?id=CVE-2018-16946
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password. • https://www.exploit-db.com/exploits/45394 https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download • CWE-552: Files or Directories Accessible to External Parties •
CVE-2018-14981
https://notcve.org/view.php?id=CVE-2018-14981
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto para los intents de la aplicación SystemUI. El ID de LG es LVE-SMP-180005. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-15482
https://notcve.org/view.php?id=CVE-2018-15482
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto para los intents de la aplicación MLT. El ID de LG es LVE-SMP-180006. • https://lgsecurity.lge.com/security_updates.html https://www.kryptowire.com/portal/android-firmware-defcon-2018 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-14982
https://notcve.org/view.php?id=CVE-2018-14982
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto en la aplicación GNSS. El ID de LG es LVE-SMP-180004. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •