VYPR

Vendor CVEs

LG

All CVEs

93 total · sorted by risk
  • CVE-2018-17173CriSep 21, 2018
    risk 0.71cvss 9.8epss 0.56

    LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.

  • CVE-2018-16287CriSep 14, 2018
    risk 0.65cvss 9.8epss 0.20

    LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.

  • CVE-2018-16286CriSep 14, 2018
    risk 0.65cvss 9.8epss 0.22

    LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.

  • CVE-2018-15482CriAug 17, 2018
    risk 0.64cvss 9.8epss 0.01

    Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.

  • CVE-2018-14982CriAug 17, 2018
    risk 0.64cvss 9.8epss 0.01

    Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.

  • CVE-2018-16946HigSep 12, 2018
    risk 0.52cvss 7.5epss 0.09

    LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials…

  • CVE-2018-16706HigSep 14, 2018
    risk 0.51cvss 7.5epss 0.22

    LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

  • CVE-2025-10204HigSep 14, 2025
    risk 0.46cvss epss 0.00

    A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This…

  • CVE-2016-3846HigAug 5, 2016
    risk 0.46cvss 7.0epss 0.00

    The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.

  • CVE-2016-10398MedJul 17, 2017
    risk 0.40cvss 6.2epss 0.00

    Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured…

  • CVE-2016-10135MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are…

  • CVE-2018-14839KEVMay 14, 2019
    risk 0.19cvss epss 0.89

    LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.

  • CVE-2023-40504May 3, 2024
    risk 0.10cvss epss 0.88

    LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2023-40498May 3, 2024
    risk 0.10cvss epss 0.83

    LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2024-2862Mar 25, 2024
    risk 0.06cvss epss 0.51

    This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.

  • CVE-2024-2863Mar 25, 2024
    risk 0.04cvss epss 0.67

    This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.

  • CVE-2023-40497May 3, 2024
    risk 0.03cvss epss 0.67

    LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2023-40494May 3, 2024
    risk 0.03cvss epss 0.84

    LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-40492May 3, 2024
    risk 0.03cvss epss 0.84

    LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2021-38306Aug 24, 2021
    risk 0.03cvss epss 0.09

    Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.

  • CVE-2023-40502May 3, 2024
    risk 0.02cvss epss 0.84

    LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2023-40496May 3, 2024
    risk 0.02cvss epss 0.77

    LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.…

  • CVE-2023-40495May 3, 2024
    risk 0.02cvss epss 0.77

    LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-6319Apr 9, 2024
    risk 0.01cvss epss 0.06

    A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make…

  • CVE-2023-41181May 3, 2024
    risk 0.00cvss epss 0.02

    LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit…

  • CVE-2023-40517May 3, 2024
    risk 0.00cvss epss 0.02

    LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required…

  • CVE-2023-40516May 3, 2024
    risk 0.00cvss epss 0.00

    LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2023-40515May 3, 2024
    risk 0.00cvss epss 0.01

    LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.…

  • CVE-2023-40514May 3, 2024
    risk 0.00cvss epss 0.03

    LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to…

  • CVE-2023-40513May 3, 2024
    risk 0.00cvss epss 0.03

    LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to…

  • CVE-2023-40512May 3, 2024
    risk 0.00cvss epss 0.03

    LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to…

  • CVE-2023-40511May 3, 2024
    risk 0.00cvss epss 0.01

    LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2023-40510May 3, 2024
    risk 0.00cvss epss 0.01

    LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists…

  • CVE-2023-40509May 3, 2024
    risk 0.00cvss epss 0.02

    LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-40508May 3, 2024
    risk 0.00cvss epss 0.02

    LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2023-40507May 3, 2024
    risk 0.00cvss epss 0.01

    LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this…

  • CVE-2023-40506May 3, 2024
    risk 0.00cvss epss 0.01

    LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this…

  • CVE-2023-40505May 3, 2024
    risk 0.00cvss epss 0.02

    LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-40503May 3, 2024
    risk 0.00cvss epss 0.01

    LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this…

  • CVE-2023-40501May 3, 2024
    risk 0.00cvss epss 0.01

    LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-40500May 3, 2024
    risk 0.00cvss epss 0.01

    LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-40499May 3, 2024
    risk 0.00cvss epss 0.02

    LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2023-40493May 3, 2024
    risk 0.00cvss epss 0.02

    LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-6320Apr 9, 2024
    risk 0.00cvss epss 0.04

    A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to…

  • CVE-2023-6318Apr 9, 2024
    risk 0.00cvss epss 0.05

    A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated…

  • CVE-2023-6317Apr 9, 2024
    risk 0.00cvss epss 0.01

    A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN.  Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA …

  • CVE-2024-1886Feb 26, 2024
    risk 0.00cvss epss 0.01

    This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.

  • CVE-2024-1885Feb 26, 2024
    risk 0.00cvss epss 0.01

    This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.

  • CVE-2023-44128Sep 27, 2023
    risk 0.00cvss epss 0.00

    he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the…

  • CVE-2023-44127Sep 27, 2023
    risk 0.00cvss epss 0.00

    he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

Page 1 of 2