LED Assistant
by LG
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-2862 | 0.06 | — | 0.51 | Mar 25, 2024 | This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | |||
| CVE-2024-2863 | 0.04 | — | 0.67 | Mar 25, 2024 | This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | |||
| CVE-2023-4616 | 0.00 | — | 0.01 | Sep 4, 2023 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack… | |||
| CVE-2023-4615 | 0.00 | — | 0.01 | Sep 4, 2023 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from… | |||
| CVE-2023-4614 | 0.00 | — | 0.02 | Sep 4, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from… | |||
| CVE-2023-4613 | 0.00 | — | 0.02 | Sep 4, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of… |
- CVE-2024-2862Mar 25, 2024risk 0.06cvss —epss 0.51
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
- CVE-2024-2863Mar 25, 2024risk 0.04cvss —epss 0.67
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.
- CVE-2023-4616Sep 4, 2023risk 0.00cvss —epss 0.01
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack…
- CVE-2023-4615Sep 4, 2023risk 0.00cvss —epss 0.01
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from…
- CVE-2023-4614Sep 4, 2023risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from…
- CVE-2023-4613Sep 4, 2023risk 0.00cvss —epss 0.02
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of…