LG
Products
45- 25 CVEs
- 13 CVEs
- 6 CVEs
- 6 CVEs
- 4 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- View all 45 products →
Recent CVEs
93| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17173 | Cri | 0.71 | 9.8 | 0.56 | Sep 21, 2018 | LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | ||
| CVE-2018-16287 | Cri | 0.65 | 9.8 | 0.20 | Sep 14, 2018 | LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | ||
| CVE-2018-16286 | Cri | 0.65 | 9.8 | 0.22 | Sep 14, 2018 | LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. | ||
| CVE-2018-15482 | Cri | 0.64 | 9.8 | 0.01 | Aug 17, 2018 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. | ||
| CVE-2018-14982 | Cri | 0.64 | 9.8 | 0.01 | Aug 17, 2018 | Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. | ||
| CVE-2018-16946 | Hig | 0.52 | 7.5 | 0.09 | Sep 12, 2018 | LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials… | ||
| CVE-2018-16706 | Hig | 0.51 | 7.5 | 0.22 | Sep 14, 2018 | LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | ||
| CVE-2025-10204 | Hig | 0.46 | — | 0.00 | Sep 14, 2025 | A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This… | ||
| CVE-2016-3846 | Hig | 0.46 | 7.0 | 0.00 | Aug 5, 2016 | The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378. | ||
| CVE-2016-10398 | Med | 0.40 | 6.2 | 0.00 | Jul 17, 2017 | Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured… | ||
| CVE-2016-10135 | Med | 0.36 | 5.5 | 0.01 | Jan 13, 2017 | An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are… | ||
| CVE-2018-14839 | 0.19 | — | 0.89 | KEV | May 14, 2019 | LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | ||
| CVE-2023-40504 | 0.10 | — | 0.88 | May 3, 2024 | LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific… | |||
| CVE-2023-40498 | 0.10 | — | 0.83 | May 3, 2024 | LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific… | |||
| CVE-2024-2862 | 0.06 | — | 0.51 | Mar 25, 2024 | This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | |||
| CVE-2024-2863 | 0.04 | — | 0.67 | Mar 25, 2024 | This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | |||
| CVE-2023-40497 | 0.03 | — | 0.67 | May 3, 2024 | LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw… | |||
| CVE-2023-40494 | 0.03 | — | 0.84 | May 3, 2024 | LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2023-40492 | 0.03 | — | 0.84 | May 3, 2024 | LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2021-38306 | 0.03 | — | 0.09 | Aug 24, 2021 | Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter. |
- risk 0.71cvss 9.8epss 0.56
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
- risk 0.65cvss 9.8epss 0.20
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
- risk 0.65cvss 9.8epss 0.22
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
- risk 0.64cvss 9.8epss 0.01
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.
- risk 0.64cvss 9.8epss 0.01
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.
- risk 0.52cvss 7.5epss 0.09
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials…
- risk 0.51cvss 7.5epss 0.22
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.
- risk 0.46cvss —epss 0.00
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This…
- risk 0.46cvss 7.0epss 0.00
The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.
- risk 0.40cvss 6.2epss 0.00
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured…
- risk 0.36cvss 5.5epss 0.01
An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are…
- risk 0.19cvss —epss 0.89
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
- CVE-2023-40504May 3, 2024risk 0.10cvss —epss 0.88
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…
- CVE-2023-40498May 3, 2024risk 0.10cvss —epss 0.83
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…
- CVE-2024-2862Mar 25, 2024risk 0.06cvss —epss 0.51
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
- CVE-2024-2863Mar 25, 2024risk 0.04cvss —epss 0.67
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.
- CVE-2023-40497May 3, 2024risk 0.03cvss —epss 0.67
LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw…
- CVE-2023-40494May 3, 2024risk 0.03cvss —epss 0.84
LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2023-40492May 3, 2024risk 0.03cvss —epss 0.84
LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…
- CVE-2021-38306Aug 24, 2021risk 0.03cvss —epss 0.09
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.