Page 15 of 92 results (0.003 seconds)

CVSS: 8.6EPSS: 10%CPEs: 1EXPL: 2

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign CMS permite la lectura de archivos arbitrarios mediante los URI signEzUI playlist edit upload ..%2f. LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/45440 http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 43%CPEs: 36EXPL: 2

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password. • https://www.exploit-db.com/exploits/45394 https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download • CWE-552: Files or Directories Accessible to External Parties •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto para los intents de la aplicación SystemUI. El ID de LG es LVE-SMP-180005. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto para los intents de la aplicación MLT. El ID de LG es LVE-SMP-180006. • https://lgsecurity.lge.com/security_updates.html https://www.kryptowire.com/portal/android-firmware-defcon-2018 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. Algunos dispositivos LG basados en Android desde la versión 6.0 hasta la 8.1 tiene un control de acceso incorrecto en la aplicación GNSS. El ID de LG es LVE-SMP-180004. • https://lgsecurity.lge.com/security_updates.html • CWE-732: Incorrect Permission Assignment for Critical Resource •