CVE-2018-16946

LG Smart IP Camera 1508190 - Backup File Download

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.

Los dispositivos de cámara de red inteligentes LG LNB*, LND*, LNU* y LNV* no cuentan con control de acceso. Los atacantes pueden descargar archivos /updownload/t.report (también conocidos como Log Report) y archivos de backup (mediante download.php) sin autenticarse. Estos archivos de copia de seguridad contienen credenciales de usuario e información de configuración para el dispositivo de cámara. Un atacante puede descubrir el nombre de archivo de backup mediante la lectura de los registros del sistema o de los datos de informes o, simplemente, adivinando por fuerza bruta el patrón del nombre de archivo de backup. Pdría ser posible autenticarse en la cuenta de administrador con la contraseña del administrador.

LG Smart IP Camera versions 1310250 through 1508190 suffer from a backup file download vulnerability.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-09-11 CVE Reserved
2018-09-12 CVE Published
2024-06-27 EPSS Updated
2024-08-05 CVE Updated
2024-08-05 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-552: Files or Directories Accessible to External Parties

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://www.exploit-db.com/exploits/45394	2024-08-05
https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Lg Search vendor "Lg"	Lnb5110 Firmware Search vendor "Lg" for product "Lnb5110 Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnb5110 Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnb5110 Search vendor "Lg" for product "Lnb5110"	-	-	Safe
Lg Search vendor "Lg"	Lnb5320 Firmware Search vendor "Lg" for product "Lnb5320 Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnb5320 Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnb5320 Search vendor "Lg" for product "Lnb5320"	-	-	Safe
Lg Search vendor "Lg"	Lnb5320r Firmware Search vendor "Lg" for product "Lnb5320r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnb5320r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnb5320r Search vendor "Lg" for product "Lnb5320r"	-	-	Safe
Lg Search vendor "Lg"	Lnb7210 Firmware Search vendor "Lg" for product "Lnb7210 Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnb7210 Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnb7210 Search vendor "Lg" for product "Lnb7210"	-	-	Safe
Lg Search vendor "Lg"	Lnd3230r Firmware Search vendor "Lg" for product "Lnd3230r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnd3230r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnd3230r Search vendor "Lg" for product "Lnd3230r"	-	-	Safe
Lg Search vendor "Lg"	Lnd5110 Firmware Search vendor "Lg" for product "Lnd5110 Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnd5110 Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnd5110 Search vendor "Lg" for product "Lnd5110"	-	-	Safe
Lg Search vendor "Lg"	Lnd5110r Firmware Search vendor "Lg" for product "Lnd5110r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnd5110r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnd5110r Search vendor "Lg" for product "Lnd5110r"	-	-	Safe
Lg Search vendor "Lg"	Lnd5220r Firmware Search vendor "Lg" for product "Lnd5220r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnd5220r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnd5220r Search vendor "Lg" for product "Lnd5220r"	-	-	Safe
Lg Search vendor "Lg"	Lnd7210 Firmware Search vendor "Lg" for product "Lnd7210 Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnd7210 Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnd7210 Search vendor "Lg" for product "Lnd7210"	-	-	Safe
Lg Search vendor "Lg"	Lnd7210r Firmware Search vendor "Lg" for product "Lnd7210r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnd7210r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnd7210r Search vendor "Lg" for product "Lnd7210r"	-	-	Safe
Lg Search vendor "Lg"	Lnu3230r Firmware Search vendor "Lg" for product "Lnu3230r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnu3230r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnu3230r Search vendor "Lg" for product "Lnu3230r"	-	-	Safe
Lg Search vendor "Lg"	Lnu5110r Firmware Search vendor "Lg" for product "Lnu5110r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnu5110r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnu5110r Search vendor "Lg" for product "Lnu5110r"	-	-	Safe
Lg Search vendor "Lg"	Lnu5320r Firmware Search vendor "Lg" for product "Lnu5320r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnu5320r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnu5320r Search vendor "Lg" for product "Lnu5320r"	-	-	Safe
Lg Search vendor "Lg"	Lnu7210r Firmware Search vendor "Lg" for product "Lnu7210r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnu7210r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnu7210r Search vendor "Lg" for product "Lnu7210r"	-	-	Safe
Lg Search vendor "Lg"	Lnv5110r Firmware Search vendor "Lg" for product "Lnv5110r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnv5110r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnv5110r Search vendor "Lg" for product "Lnv5110r"	-	-	Safe
Lg Search vendor "Lg"	Lnv5320r Firmware Search vendor "Lg" for product "Lnv5320r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnv5320r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnv5320r Search vendor "Lg" for product "Lnv5320r"	-	-	Safe
Lg Search vendor "Lg"	Lnv7210 Firmware Search vendor "Lg" for product "Lnv7210 Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnv7210 Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnv7210 Search vendor "Lg" for product "Lnv7210"	-	-	Safe
Lg Search vendor "Lg"	Lnv7210r Firmware Search vendor "Lg" for product "Lnv7210r Firmware"	>= 1310250 <= 1508190 Search vendor "Lg" for product "Lnv7210r Firmware" and version " >= 1310250 <= 1508190"	-	Affected	in	Lg Search vendor "Lg"	Lnv7210r Search vendor "Lg" for product "Lnv7210r"	-	-	Safe