Shodan
Vulnerabilities
Vulnerable Software
Lg:  Security Vulnerabilities
CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVSS Score
9.8
EPSS Score
0.766
Published
2018-09-21
CVE-2018-16287
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
CVSS Score
9.8
EPSS Score
0.026
Published
2018-09-14
CVE-2018-16288
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
CVSS Score
8.6
EPSS Score
0.637
Published
2018-09-14
CVE-2018-16706
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.
CVSS Score
7.5
EPSS Score
0.038
Published
2018-09-14
CVE-2018-16286
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-09-14
CVE-2018-16946
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.
CVSS Score
7.5
EPSS Score
0.115
Published
2018-09-12
CVE-2018-14981
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.
CVSS Score
9.8
EPSS Score
0.001
Published
2018-08-17
CVE-2018-14982
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.
CVSS Score
9.8
EPSS Score
0.001
Published
2018-08-17
CVE-2018-15482
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.
CVSS Score
9.8
EPSS Score
0.001
Published
2018-08-17
CVE-2018-10229
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-05-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved