CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3929
https://notcve.org/view.php?id=CVE-2014-3929
03 Apr 2017 — The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys. La configuración predeterminada para Cougar-LG almacena la información confidencial bajo la raíz web con un control de acceso insuficiente, lo que podría permitir a atacantes remotos obtener claves ssh privadas. • http://www.s3.eurecom.fr/cve/CVE-2014-3929.txt • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3928
https://notcve.org/view.php?id=CVE-2014-3928
03 Apr 2017 — Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. Cougar-LG almacena información confidencial bajo la raíz web con control de acceso insuficiente, lo que permite a atacantes remotos obtener credenciales. • http://www.s3.eurecom.fr/cve/CVE-2014-3928.txt • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3930
https://notcve.org/view.php?id=CVE-2014-3930
03 Apr 2017 — lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials. Lg.pl en Cistron-LG 1.01 almacena información confidencial bajo la raíz web con controles de acceso insuficientes, lo que permite a atacantes remotos obtener direcciones IP y otras credenciales de router no especificadas. • http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3926
https://notcve.org/view.php?id=CVE-2014-3926
13 Mar 2017 — Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. Vulnerabilidad de XSS en lg.cgi en Cougar LG 1.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través del parámetro "addr". • http://blog.talosintelligence.com/2014/09/looking-glasses-with-bacon.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-10135
https://notcve.org/view.php?id=CVE-2016-10135
13 Jan 2017 — An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent fi... • http://www.securityfocus.com/bid/96846 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 10%CPEs: 1EXPL: 3CVE-2014-8757 – LG on Screen Phone Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-8757
06 Feb 2015 — LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. LG On-Screen Phone (OSP) anterior a 4.3.010 permite a atacantes remotos evadir la autorización a través de una solicitud manipulada. SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the network communication, and thus establish a connection to the On Screen Phone ap... • https://github.com/irsl/lgosp-poc • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 17%CPEs: 8EXPL: 5CVE-2014-0997 – Android WiFi-Direct - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0997
26 Jan 2015 — WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. WiFiMonitor en Android 4.4.4 tal y como se emplea en Nexus 5 y 4, Android 4.2.2 tal y como se emplea... • https://packetstorm.news/files/id/130107 • CWE-19: Data Processing Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-7243
https://notcve.org/view.php?id=CVE-2014-7243
05 Dec 2014 — LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. El router LG Electronics Mobile WiFi L-09C, L-03E, y L-04D no restringe el acceso a la interfaz de administración web, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://jvn.jp/en/jp/JVN71762315/995312/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2014-7252
https://notcve.org/view.php?id=CVE-2014-7252
05 Dec 2014 — Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation." Múltiples vulnerabilidades no especificadas en el controlador Syslink para el procesador... • http://jvn.jp/en/jp/JVN67792023/397327/index.html •
CVSS: 7.0EPSS: 0%CPEs: 47EXPL: 2CVE-2013-3685 – Sprite Software Android Race Condition
https://notcve.org/view.php?id=CVE-2013-3685
24 Jun 2013 — A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. Se presenta una Vulnerabilidad de Escalada de Privilegios en Sprite Software Spritebud versiones 1.3.24 y 1.3.28 y Backup versiones 2.5.4105 y 2.5.4108, en los teléfonos inteligentes LG con Android debido a una condición de carrera en el demonio spri... • https://packetstorm.news/files/id/122145 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •