Lg

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-4614 1Lg 1Lg Led Assistant Nov 21, 2024 Sep 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/i...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.Show less
CVE-2023-4613 1Lg 1Lg Led Assistant Nov 21, 2024 Sep 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/s...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.Show less
CVE-2022-45422 1Lg 1Smart Share Apr 28, 2025 Nov 21, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.
CVE-2022-23731 1Lg 1Webos Nov 21, 2024 Mar 11, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.
CVE-2022-23730 1Lg 1Webos Nov 21, 2024 Mar 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The public API error causes for the attacker to be able to bypass API access control.
CVE-2022-23727 1Lg 1Webos Nov 21, 2024 Jan 28, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker...Show more There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilegeShow less
CVE-2021-38306 1Lg 1N1t1 Firmware Nov 21, 2024 Aug 24, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
CVE-2020-7807 1Lg 4Ipsfullhd Lg UltrawideLgpcsuite Setup+1 more Nov 21, 2024 Sep 14, 2020 N/A· v4 5.5 MEDIUM· v3 1.9 LOW· v2 A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity...Show more A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64).Show less
CVE-2019-20781 1Lg 1Bridge Nov 21, 2024 Apr 29, 2020 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.
CVE-2019-20769 1Lg 1Pc Suite Nov 21, 2024 Apr 17, 2020 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2...Show more An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).Show less
CVE-2020-9759 1Lg 1Webos Nov 21, 2024 Mar 23, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulne...Show more A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.Show less
CVE-2018-14839 1Lg 1N1a1 Firmware Nov 7, 2025 May 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
CVE-2019-7404 1Lg 3Gamp 7100 Firmware Gapm 7200 FirmwareGapm 8000 Firmware Nov 21, 2024 May 13, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_d...Show more An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.Show less
CVE-2019-8372 1Lg 1Lha.sys Nov 21, 2024 Feb 18, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system priv...Show more The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.Show less
CVE-2018-17173 1Lg 1Supersign Cms Nov 21, 2024 Sep 21, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVE-2018-16706 1Lg 1Supersign Cms Nov 21, 2024 Sep 14, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.
CVE-2018-16288 1Lg 1Supersign Cms Nov 21, 2024 Sep 14, 2018 N/A· v4 8.6 HIGH· v3 7.8 HIGH· v2 LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
CVE-2018-16287 1Lg 1Supersign Cms Nov 21, 2024 Sep 14, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
CVE-2018-16286 1Lg 1Supersign Cms Nov 21, 2024 Sep 14, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
CVE-2018-16946 1Lg 18Lnb5110 Firmware Lnb5320 FirmwareLnb5320r Firmware+15 more Nov 21, 2024 Sep 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without aut...Show more LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.Show less

Previous 1 234 Next