Lg: Security Vulnerabilities
An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-04-29
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July 2019).
CVSS Score
9.8
EPSS Score
0.001
Published
2020-04-17
An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).
CVSS Score
7.8
EPSS Score
0.001
Published
2020-04-17
A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.
CVSS Score
4.6
EPSS Score
0.002
Published
2020-03-23
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.
CVSS Score
7.0
EPSS Score
0.001
Published
2020-02-12
CVE-2018-14839
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
Known exploited
CVSS Score
9.8
EPSS Score
0.915
Published
2019-05-14
An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log.
CVSS Score
7.5
EPSS Score
0.01
Published
2019-05-13
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
CVSS Score
7.0
EPSS Score
0.002
Published
2019-02-18
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVSS Score
9.8
EPSS Score
0.783
Published
2018-09-21
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
CVSS Score
9.8
EPSS Score
0.026
Published
2018-09-14