CVSS: 9.8EPSS: 0%CPEs: 39EXPL: 0CVE-2020-13840
https://notcve.org/view.php?id=CVE-2020-13840
04 Jun 2020 — An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020). Se detectó un problema en los dispositivos móviles LG con Sistema Operativo Android versiones 7.2, 8.0, 8.1, 9 y 10 (chipsets MTK). Una ejecución de código puede ocurrir por medio de un desbordamiento del búfer del manejador de comando MTK AT. • https://lgsecurity.lge.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 39EXPL: 0CVE-2020-13839
https://notcve.org/view.php?id=CVE-2020-13839
04 Jun 2020 — An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020). Se detectó un problema en los dispositivos móviles LG con Sistema Operativo Android versiones 7.2, 8.0, 8.1, 9 y 10 (chipsets MTK). Una ejecución del código puede ocurrir por medio de un desbordamiento del búfer del manejador de comando AT personalizado. • https://lgsecurity.lge.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20781
https://notcve.org/view.php?id=CVE-2019-20781
29 Apr 2020 — An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. Se detectó un problema en LG Bridge antes de Abril de 2019 en Windows. Un Secuestro de DLL puede ocurrir. • https://lgsecurity.lge.com • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-20777
https://notcve.org/view.php?id=CVE-2019-20777
17 Apr 2020 — An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July 2019). Se descubrió un problema en los dispositivos móviles de LG con el software del Sistema Operativo Android versiones 7.0, 7.1, 7.2, 8.0, 8.1 y 9.0. WapService maneja inapropiadamente el Aprovisionamiento OTA en los dispositivos V40 y G7. • https://lgsecurity.lge.com •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20769
https://notcve.org/view.php?id=CVE-2019-20769
17 Apr 2020 — An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019). Se descubrió un problema en LG PC Suite para LG G3 y anteriores (también se conoce como LG PC Suite v5.3.27 y anteriores). El secuestro DLL puede ocurrir por medio de una DLL de tipo caballo de Troya en el directorio de trabajo actual. • https://lgsecurity.lge.com • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9759 – webOS TV Emulator privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2020-9759
23 Mar 2020 — A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files. Una vulnerabilidad del emulador de TV de LG Electronic web OS podría permitir a un atacante escalar privilegios y sobrescribir ciertos archivos. Esta vulnerabilidad se debe a una configuración incorrecta del entorno. • https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.8EPSS: 93%CPEs: 2EXPL: 0CVE-2018-14839 – LG N1A1 NAS Remote Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14839
14 May 2019 — LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. LG N1A1 NAS versión 3718.510 se ve afectado por: Ejecución de comandos remotos. El impacto es: ejecutar código arbitrario (remoto). • https://medium.com/%400x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2019-7404
https://notcve.org/view.php?id=CVE-2019-7404
13 May 2019 — An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log. Se descubrió un problema en los enrutadores LG GAMP-versión 7100, GAPM-versión 7200 y GAPM-versión 8000. Un usuario no identificado puede leer un archivo de registro por medio de una solicitud HTTP que contiene su pathname completo... • https://github.com/epistemophilia/CVEs/blob/master/LG-GAMP-Routers/CVE-2019-7404/poc-cve-2019-7404.py • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8372
https://notcve.org/view.php?id=CVE-2019-8372
18 Feb 2019 — The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL. El controlador "LHA.sys", en versiones anteriores a la 1.1.1811.2101 en LG Device Manager, expone una funcionalidad que permite a usuarios con privilegios bajos leer y escribir memoria física arbi... • http://www.jackson-t.ca/lg-driver-lpe.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 68%CPEs: 1EXPL: 5CVE-2018-17173 – LG Supersign EZ CMS - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17173
21 Sep 2018 — LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. LG SuperSign CMS permite que los atacantes remotos ejecuten código arbitrario mediante el parámetro sourceUri en qsr_server/device/getThumbnail. LG SuperSign EZ CMS, that many LG SuperSign TVs have built-in, is prone to a remote code execution vulnerability due to an improper parameter handling. • https://packetstorm.news/files/id/152733 • CWE-94: Improper Control of Generation of Code ('Code Injection') •