SuperSign CMS
by LG
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17173 | Cri | 0.71 | 9.8 | 0.56 | Sep 21, 2018 | LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | ||
| CVE-2018-16287 | Cri | 0.65 | 9.8 | 0.20 | Sep 14, 2018 | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | ||
| CVE-2018-16286 | Cri | 0.65 | 9.8 | 0.22 | Sep 14, 2018 | LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. | ||
| CVE-2018-16706 | Hig | 0.51 | 7.5 | 0.22 | Sep 14, 2018 | LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. |
- risk 0.71cvss 9.8epss 0.56
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
- risk 0.65cvss 9.8epss 0.20
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
- risk 0.65cvss 9.8epss 0.22
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
- risk 0.51cvss 7.5epss 0.22
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.