CVE-2014-7243
https://notcve.org/view.php?id=CVE-2014-7243
LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. El router LG Electronics Mobile WiFi L-09C, L-03E, y L-04D no restringe el acceso a la interfaz de administración web, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://jvn.jp/en/jp/JVN71762315/995312/index.html http://jvn.jp/en/jp/JVN71762315/index.html http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000140.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3685 – Sprite Software Android Race Condition
https://notcve.org/view.php?id=CVE-2013-3685
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. Se presenta una Vulnerabilidad de Escalada de Privilegios en Sprite Software Spritebud versiones 1.3.24 y 1.3.28 y Backup versiones 2.5.4105 y 2.5.4108, en los teléfonos inteligentes LG con Android debido a una condición de carrera en el demonio spritebud, lo que podría permitir a un usuario malicioso local obtener privilegios root. A race condition in Sprite Software's backup software on Android devices allows for code execution as root. • http://www.securityfocus.com/bid/60749 https://androidvulnerabilities.org/all https://exchange.xforce.ibmcloud.com/vulnerabilities/85296 https://seclists.org/fulldisclosure/2013/Jun/196 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-3666 – LG Optimus G Command Injection
https://notcve.org/view.php?id=CVE-2013-3666
The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button. El componente de menu oculto de LG (LG Hidden Menu) para Android en LG Optimus G E973 permite a atacantes físicamente próximos a ejecutar comandos arbitrarios entrando en el modo de depuración USB, utilizando Android Debug Bridge (adb) para establecer una conexión USB, marcando 3845#*973#, modificando la cadena de comandos WLAN test Wi-Fi Ping Test/User Command tcpdump, y pulsando el botón CANCEL. LG Optimus G E973 suffers from a command injection vulnerability. • http://seclists.org/fulldisclosure/2013/May/166 http://www.youtube.com/watch?v=ZfbDIpTY-t4 https://plus.google.com/110348415484169880343/posts/9KxBtkyuYcj • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-1838
https://notcve.org/view.php?id=CVE-2012-1838
The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page. La interfaz de gestión vía web en el switch LG-Nortel ELO GS24M permite a atacantes remotos eludir la autenticación, y por lo tanto obtener credenciales sin cifrar e información de configuración, a través de una petición directa a una página web de configuración. • http://osvdb.org/80370 http://www.kb.cert.org/vuls/id/523027 https://exchange.xforce.ibmcloud.com/vulnerabilities/74237 • CWE-287: Improper Authentication •
CVE-2007-5558
https://notcve.org/view.php?id=CVE-2007-5558
Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Desbordamiento de entero en el terminal LG Mobile permite a atacantes remotos provocar una denegación de servicio (reinicio) mediante un paquete HTTP manipulado. NOTA: a fecha de 16/10/2007, la única revelación es un vago preaviso sin información de uso inmediato. • http://www.irmplc.com/index.php/111-Vendor-Alerts • CWE-189: Numeric Errors •