VYPR
Vendor

LG

Products
45
CVEs
93
Across products
84
Status
Private

Products

45
View all 45 products →

Recent CVEs

93
View all 93 CVEs →
  • CVE-2018-17173CriSep 21, 2018
    risk 0.71cvss 9.8epss 0.56

    LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.

  • CVE-2018-16287CriSep 14, 2018
    risk 0.65cvss 9.8epss 0.20

    LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.

  • CVE-2018-16286CriSep 14, 2018
    risk 0.65cvss 9.8epss 0.22

    LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.

  • CVE-2018-15482CriAug 17, 2018
    risk 0.64cvss 9.8epss 0.01

    Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.

  • CVE-2018-14982CriAug 17, 2018
    risk 0.64cvss 9.8epss 0.01

    Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.

  • CVE-2018-16946HigSep 12, 2018
    risk 0.52cvss 7.5epss 0.09

    LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials…

  • CVE-2018-16706HigSep 14, 2018
    risk 0.51cvss 7.5epss 0.22

    LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

  • CVE-2025-10204HigSep 14, 2025
    risk 0.46cvss epss 0.00

    A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This…

  • CVE-2016-3846HigAug 5, 2016
    risk 0.46cvss 7.0epss 0.00

    The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.

  • CVE-2016-10398MedJul 17, 2017
    risk 0.40cvss 6.2epss 0.00

    Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured…

  • CVE-2016-10135MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are…

  • CVE-2018-14839KEVMay 14, 2019
    risk 0.19cvss epss 0.89

    LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.

  • CVE-2023-40504May 3, 2024
    risk 0.10cvss epss 0.88

    LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2023-40498May 3, 2024
    risk 0.10cvss epss 0.83

    LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2024-2862Mar 25, 2024
    risk 0.06cvss epss 0.51

    This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.

  • CVE-2024-2863Mar 25, 2024
    risk 0.04cvss epss 0.67

    This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.

  • CVE-2023-40497May 3, 2024
    risk 0.03cvss epss 0.67

    LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2023-40494May 3, 2024
    risk 0.03cvss epss 0.84

    LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-40492May 3, 2024
    risk 0.03cvss epss 0.84

    LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2021-38306Aug 24, 2021
    risk 0.03cvss epss 0.09

    Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.