Find a vulnerability
Search criteria
139 vulnerabilities by LG
VAR-201905-0745
Vulnerability from variot - Updated: 2025-11-18 15:27LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. LG N1A1 NAS Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LG N1A1 NAS is a network storage device produced by South Korea's LG (LG). The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0745",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n1a1",
"scope": "eq",
"trust": 1.8,
"vendor": "lg",
"version": "3718.510"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"db": "NVD",
"id": "CVE-2018-14839"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:lg:n1a1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
}
]
},
"cve": "CVE-2018-14839",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14839",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-125038",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14839",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14839",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14839",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2018-14839",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14839",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-609",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-125038",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-14839",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125038"
},
{
"db": "VULMON",
"id": "CVE-2018-14839"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"db": "NVD",
"id": "CVE-2018-14839"
},
{
"db": "NVD",
"id": "CVE-2018-14839"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. LG N1A1 NAS Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LG N1A1 NAS is a network storage device produced by South Korea\u0027s LG (LG). The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14839"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"db": "VULHUB",
"id": "VHN-125038"
},
{
"db": "VULMON",
"id": "CVE-2018-14839"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14839",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015437",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-609",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-125038",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-14839",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125038"
},
{
"db": "VULMON",
"id": "CVE-2018-14839"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"db": "NVD",
"id": "CVE-2018-14839"
}
]
},
"id": "VAR-201905-0745",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-125038"
}
],
"trust": 0.52857143
},
"last_update_date": "2025-11-18T15:27:32.693000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "N1A1DD1",
"trust": 0.8,
"url": "https://www.lg.com/us/support-product/lg-N1A1DD1"
},
{
"title": "LG N1A1 NAS Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92750"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125038"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"db": "NVD",
"id": "CVE-2018-14839"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14839"
},
{
"trust": 1.1,
"url": "https://medium.com/%400x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2018-14839"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14839"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125038"
},
{
"db": "VULMON",
"id": "CVE-2018-14839"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"db": "NVD",
"id": "CVE-2018-14839"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-125038"
},
{
"db": "VULMON",
"id": "CVE-2018-14839"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-609"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"db": "NVD",
"id": "CVE-2018-14839"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-125038"
},
{
"date": "2019-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14839"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-609"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"date": "2019-05-14T21:29:00.247000",
"db": "NVD",
"id": "CVE-2018-14839"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-125038"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14839"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-609"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015437"
},
{
"date": "2025-11-07T19:13:55.650000",
"db": "NVD",
"id": "CVE-2018-14839"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-609"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG N1A1 NAS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015437"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-609"
}
],
"trust": 0.6
}
}
VAR-201701-0480
Vulnerability from variot - Updated: 2025-04-20 23:40An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. MTK Use chipset LG The device contains a vulnerability that allows access to arbitrary third-party applications. Lgmobile is an Android smartphone owned by LG. There are multiple security bypass vulnerabilities in several LGAndroid MobileDevices. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0480",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mobile",
"scope": "eq",
"trust": 2.2,
"vendor": "lg",
"version": "5.0"
},
{
"model": "mobile",
"scope": "eq",
"trust": 2.2,
"vendor": "lg",
"version": "5.1"
},
{
"model": "mobile",
"scope": "eq",
"trust": 2.2,
"vendor": "lg",
"version": "6.0"
},
{
"model": "mobile",
"scope": "eq",
"trust": 2.2,
"vendor": "lg",
"version": "6.0.1"
},
{
"model": "mobile",
"scope": "eq",
"trust": 2.2,
"vendor": "lg",
"version": "7.0"
},
{
"model": "mobile",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0"
},
{
"model": "r1 hd",
"scope": "eq",
"trust": 0.3,
"vendor": "blu",
"version": "0"
},
{
"model": "advance",
"scope": "eq",
"trust": 0.3,
"vendor": "blu",
"version": "5.0"
},
{
"model": "electronics rca voyager tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "alco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"db": "BID",
"id": "96846"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-366"
},
{
"db": "NVD",
"id": "CVE-2016-10135"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:lg_electronics:lg_mobile",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "96846"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10135",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-10135",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-05315",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-10135",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10135",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-10135",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-05315",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-366",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-366"
},
{
"db": "NVD",
"id": "CVE-2016-10135"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user\u0027s outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. MTK Use chipset LG The device contains a vulnerability that allows access to arbitrary third-party applications. Lgmobile is an Android smartphone owned by LG. There are multiple security bypass vulnerabilities in several LGAndroid MobileDevices. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10135"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"db": "BID",
"id": "96846"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10135",
"trust": 3.3
},
{
"db": "BID",
"id": "96846",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006891",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-05315",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201701-366",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"db": "BID",
"id": "96846"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-366"
},
{
"db": "NVD",
"id": "CVE-2016-10135"
}
]
},
"id": "VAR-201701-0480",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05315"
}
],
"trust": 1.02857143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05315"
}
]
},
"last_update_date": "2025-04-20T23:40:12.422000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LG Mobile Security Maintenance Releases (SMR-JAN-2017)",
"trust": 0.8,
"url": "https://lgsecurity.lge.com/security_updates.html"
},
{
"title": "Multiple LGAndroid MobileDevices have multiple security bypass bugs",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92354"
},
{
"title": "Various mobile phone product information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74760"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-366"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"db": "NVD",
"id": "CVE-2016-10135"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://lgsecurity.lge.com/security_updates.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96846"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10135"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-10135"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10135"
},
{
"trust": 0.3,
"url": "http://www.lge.com/index.do"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"db": "BID",
"id": "96846"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-366"
},
{
"db": "NVD",
"id": "CVE-2016-10135"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"db": "BID",
"id": "96846"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-366"
},
{
"db": "NVD",
"id": "CVE-2016-10135"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"date": "2017-01-13T00:00:00",
"db": "BID",
"id": "96846"
},
{
"date": "2017-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-366"
},
{
"date": "2017-01-13T09:59:00.140000",
"db": "NVD",
"id": "CVE-2016-10135"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05315"
},
{
"date": "2017-03-16T01:02:00",
"db": "BID",
"id": "96846"
},
{
"date": "2017-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006891"
},
{
"date": "2017-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-366"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10135"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-366"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MTK Use chipset LG Vulnerabilities in devices that allow access to arbitrary third-party applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006891"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-366"
}
],
"trust": 0.6
}
}
VAR-201705-1945
Vulnerability from variot - Updated: 2025-04-20 23:34Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged-in, unintended operations may be conducted. LGElectronicsL-04D is a wireless router from LG Electronics of South Korea. An attacker could exploit the vulnerability to perform unauthorized actions. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-1945",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "l-04d",
"scope": "eq",
"trust": 1.6,
"vendor": "nttdocomo",
"version": "v10a"
},
{
"model": "l-04d",
"scope": "eq",
"trust": 1.6,
"vendor": "nttdocomo",
"version": "v10b"
},
{
"model": "l-04d",
"scope": "eq",
"trust": 0.8,
"vendor": "lg",
"version": "firmware version v10a and v10b"
},
{
"model": "electronics l-04d 10a",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "electronics l-04d 10b",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "docomo inc l-04d 10b",
"scope": null,
"trust": 0.3,
"vendor": "ntt",
"version": null
},
{
"model": "docomo inc l-04d 10a",
"scope": null,
"trust": 0.3,
"vendor": "ntt",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lg_electronics:l-04d",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Atsuo Sakurai of Cyber Defense Institute, Inc.",
"sources": [
{
"db": "BID",
"id": "93278"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
],
"trust": 0.9
},
"cve": "CVE-2016-4854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4854",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000194",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-09013",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93673",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-4854",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000194",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000194",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-09013",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93673",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged-in, unintended operations may be conducted. LGElectronicsL-04D is a wireless router from LG Electronics of South Korea. An attacker could exploit the vulnerability to perform unauthorized actions. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4854"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "VULHUB",
"id": "VHN-93673"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4854",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN46351856",
"trust": 2.8
},
{
"db": "BID",
"id": "93278",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-09013",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93673",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"id": "VAR-201705-1945",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
}
],
"trust": 1.27857144
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
}
]
},
"last_update_date": "2025-04-20T23:34:26.367000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mobile WiFi router L-04D (software update available on 2016/7/12)",
"trust": 0.8,
"url": "https://www.nttdocomo.co.jp/support/utilization/product_update/list/l04d/index.html#p04"
},
{
"title": "Patch for LGElectronicsL-04D Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82419"
},
{
"title": "LG Electronics L-04D Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64478"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn46351856/index.html"
},
{
"trust": 2.3,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000194"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93278"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4854"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4854"
},
{
"trust": 0.3,
"url": "https://www.nttdocomo.co.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"db": "VULHUB",
"id": "VHN-93673"
},
{
"db": "BID",
"id": "93278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
},
{
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"date": "2017-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-93673"
},
{
"date": "2016-10-03T00:00:00",
"db": "BID",
"id": "93278"
},
{
"date": "2016-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-046"
},
{
"date": "2017-05-22T16:29:00.183000",
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09013"
},
{
"date": "2017-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-93673"
},
{
"date": "2016-10-10T02:01:00",
"db": "BID",
"id": "93278"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000194"
},
{
"date": "2017-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-046"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-4854"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-046"
}
],
"trust": 0.6
}
}
VAR-201711-0036
Vulnerability from variot - Updated: 2025-04-20 23:29OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. LG devices based on Android are all smart devices based on the Android platform of South Korea's LG Group.
SystemUI application intents is one of the system applications.
SystemUI application intents in LG products based on platforms from Android 6.0 to 8.1 have security vulnerabilities that result from incorrect access control performed by the program. Remote attackers can use this vulnerability to bypass security restrictions and gain access to SystemUI applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openam",
"scope": "lte",
"trust": 1.0,
"vendor": "osstech",
"version": "11.0.0-112"
},
{
"model": "openam",
"scope": "gte",
"trust": 1.0,
"vendor": "osstech",
"version": "11.0.0"
},
{
"model": "openam",
"scope": "gte",
"trust": 1.0,
"vendor": "osstech",
"version": "9.5.5"
},
{
"model": "openam",
"scope": "lte",
"trust": 1.0,
"vendor": "osstech",
"version": "9.5.5-41"
},
{
"model": "openam",
"scope": "gte",
"trust": 1.0,
"vendor": "osstech",
"version": "13.0.0"
},
{
"model": "openam",
"scope": "lte",
"trust": 1.0,
"vendor": "osstech",
"version": "13.0.0-73"
},
{
"model": "openam",
"scope": "eq",
"trust": 0.8,
"vendor": "open source solution",
"version": "(open source edition)"
},
{
"model": "android",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "6.0"
},
{
"model": "devices based on android",
"scope": "gte",
"trust": 0.6,
"vendor": "lg",
"version": "6.0,\u003c=8.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x500"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x400"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x300"
},
{
"model": "q8",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "q6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v30"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v20"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v10"
},
{
"model": "g6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "g5",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "cam",
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:open_source_solution_technology:openam",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
}
]
},
"cve": "CVE-2017-10873",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-10873",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000231",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-28449",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-10873",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000231",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-10873",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000231",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-28449",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-084",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. LG devices based on Android are all smart devices based on the Android platform of South Korea\u0027s LG Group. \r\n\r\nSystemUI application intents is one of the system applications. \n\r\n\r\nSystemUI application intents in LG products based on platforms from Android 6.0 to 8.1 have security vulnerabilities that result from incorrect access control performed by the program. Remote attackers can use this vulnerability to bypass security restrictions and gain access to SystemUI applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10873"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10873",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN79546124",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28449",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"id": "VAR-201711-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
],
"trust": 1.1288461399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
]
},
"last_update_date": "2025-04-20T23:29:29.475000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fix Session Upgrade bypass at SAML IdP",
"trust": 0.8,
"url": "https://github.com/osstech-jp/openam/commit/3a27ed18e2b3e468a85a0ff7965d2c1f769ea9c6"
},
{
"title": "Information from OGIS-RI Co.,Ltd.",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/JVN79546124/996125/index.html"
},
{
"title": "Notice of OpenAM security vulnerability and product updates [AM20171101-1]",
"trust": 0.8,
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
},
{
"title": "Patch for LG product SystemUI application intents access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/217695"
},
{
"title": "ForgeRock OpenAM Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76087"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
},
{
"trust": 1.6,
"url": "https://www.cs.themistruct.com/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn79546124/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10873"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10873"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn79546124/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"date": "2017-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"date": "2017-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"date": "2017-11-02T15:29:00.290000",
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenAM (Open Source Edition) vulnerable to authentication bypass",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
}
],
"trust": 0.6
}
}
VAR-201709-0150
Vulnerability from variot - Updated: 2025-04-20 23:27WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. Used on multiple devices Android Contains a data processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Wi-Fi Direct can support a pair of connected devices, enabling simultaneous connection of multiple devices, and the Wi-Fi Direct standard will support all Wi-Fi devices. Multiple Android Devices have a denial of service vulnerability that allows an attacker to initiate a denial of service attack. Successfully exploiting this issue will allow attackers to cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "4.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "4.2.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "4.1.2 (motorola razr hd)"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "4.2.2 (lg d806)"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "4.2.2 (samsung sm-t310)"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "4.4.4 (nexus 4)"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "4.4.4 (nexus 5)"
},
{
"model": "alliance wi-fi direct",
"scope": null,
"trust": 0.6,
"vendor": "wi fi",
"version": null
},
{
"model": "sm-t310",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "razr hd",
"scope": "eq",
"trust": 0.3,
"vendor": "motorola",
"version": "0"
},
{
"model": "d806",
"scope": "eq",
"trust": 0.3,
"vendor": "lg",
"version": "0"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00728"
},
{
"db": "BID",
"id": "72311"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-666"
},
{
"db": "NVD",
"id": "CVE-2014-0997"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:google:android",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andres Blanco from the CoreLabs Team",
"sources": [
{
"db": "BID",
"id": "72311"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-666"
}
],
"trust": 0.9
},
"cve": "CVE-2014-0997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0997",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00728",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2014-0997",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0997",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0997",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-00728",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-666",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00728"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-666"
},
{
"db": "NVD",
"id": "CVE-2014-0997"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. Used on multiple devices Android Contains a data processing vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Wi-Fi Direct can support a pair of connected devices, enabling simultaneous connection of multiple devices, and the Wi-Fi Direct standard will support all Wi-Fi devices. Multiple Android Devices have a denial of service vulnerability that allows an attacker to initiate a denial of service attack. \nSuccessfully exploiting this issue will allow attackers to cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0997"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"db": "CNVD",
"id": "CNVD-2015-00728"
},
{
"db": "BID",
"id": "72311"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0997",
"trust": 3.3
},
{
"db": "BID",
"id": "72311",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "130107",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "35913",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008389",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-00728",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "29108",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201501-666",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00728"
},
{
"db": "BID",
"id": "72311"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-666"
},
{
"db": "NVD",
"id": "CVE-2014-0997"
}
]
},
"id": "VAR-201709-0150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00728"
}
],
"trust": 1.2965608366666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00728"
}
]
},
"last_update_date": "2025-04-20T23:27:17.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.android.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"db": "NVD",
"id": "CVE-2014-0997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.coresecurity.com/advisories/android-wifi-direct-denial-service"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/72311"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/130107/android-wifi-direct-denial-of-service.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2015/jan/104"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/35913/"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/534544/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0997"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0997"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/534544/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/29108"
},
{
"trust": 0.3,
"url": "http://code.google.com/android/"
},
{
"trust": 0.3,
"url": "http://www.coresecurity.com/advisories/android-wifi-direct-denial-service "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00728"
},
{
"db": "BID",
"id": "72311"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-666"
},
{
"db": "NVD",
"id": "CVE-2014-0997"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00728"
},
{
"db": "BID",
"id": "72311"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-666"
},
{
"db": "NVD",
"id": "CVE-2014-0997"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00728"
},
{
"date": "2015-01-26T00:00:00",
"db": "BID",
"id": "72311"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"date": "2015-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-666"
},
{
"date": "2017-09-26T01:29:00.177000",
"db": "NVD",
"id": "CVE-2014-0997"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00728"
},
{
"date": "2015-01-26T00:00:00",
"db": "BID",
"id": "72311"
},
{
"date": "2017-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008389"
},
{
"date": "2017-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-666"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2014-0997"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-666"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Used on multiple devices Android Data processing vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008389"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-666"
}
],
"trust": 0.6
}
}
VAR-201412-0585
Vulnerability from variot - Updated: 2025-04-13 23:25LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the device may bypass authentication and obtain information stored on the device. lG provides users with everything from TVs and audio and video to refrigerators, washing machines and air conditioners, vacuum cleaners, to mobile phones and computer accessories. LG Routers have security bypass vulnerabilities that allow an attacker to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Multiple LG Routers are prone to a security-bypass vulnerability. The following products are vulnerable: LG L-09C LG L-03E LG L-04D
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "l-03e",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-09c",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-04d",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-03e",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-04d",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-09c",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-09c/l-03e/l-04d",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lg_electronics:l-03e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lg_electronics:l-04d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lg_electronics:l-09c",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taiga Asano",
"sources": [
{
"db": "BID",
"id": "71413"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.9
},
"cve": "CVE-2014-7243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-7243",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-000140",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-08714",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7243",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-000140",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-08714",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-046",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the device may bypass authentication and obtain information stored on the device. lG provides users with everything from TVs and audio and video to refrigerators, washing machines and air conditioners, vacuum cleaners, to mobile phones and computer accessories. LG Routers have security bypass vulnerabilities that allow an attacker to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Multiple LG Routers are prone to a security-bypass vulnerability. \nThe following products are vulnerable:\nLG L-09C\nLG L-03E\nLG L-04D",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7243",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN71762315",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140",
"trust": 2.4
},
{
"db": "BID",
"id": "71413",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2014-08714",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"id": "VAR-201412-0585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
}
],
"trust": 1.0547619
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
}
]
},
"last_update_date": "2025-04-13T23:25:20.466000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from NTT DOCOMO, INC.",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/JVN71762315/995312/index.html"
},
{
"title": "Multiple LG Routers security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/52409"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://jvn.jp/en/jp/jvn71762315/index.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/en/jp/jvn71762315/995312/index.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000140.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71413"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7243"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7243"
},
{
"trust": 0.3,
"url": "http://www.lge.com/index.do"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71413"
},
{
"date": "2014-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"date": "2014-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"date": "2014-12-05T17:59:00.073000",
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71413"
},
{
"date": "2014-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"date": "2014-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Electronics mobile access routers lack access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.6
}
}
VAR-201412-0589
Vulnerability from variot - Updated: 2025-04-13 23:22Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation.". The Syslink driver for OMAP mobile processors contained in Android devices contain mulitple improper data validation vulerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multiple vulnerabilities where userland data is not properly validated prior to use. Exploitation of these vulnerabilities may lead to arbitrary code execution or kernel memory content disclosure. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.When the device is accessed through the Android Debug Bridge (adb), contents of the kernel memory may be obtained or arbitrary code may be executed to obtain root privileges. Local attackers can exploit these vulnerabilities to execute arbitrary code and gain sensitive information in the context of the user running the vulnerable application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0589",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prada phone l-02d",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "softbank 102sh",
"scope": "eq",
"trust": 1.0,
"vendor": "sharp",
"version": null
},
{
"model": "regza phone t-01d",
"scope": "eq",
"trust": 1.0,
"vendor": "fujitsu",
"version": null
},
{
"model": "arrows x lte f-05d",
"scope": "eq",
"trust": 1.0,
"vendor": "fujitsu",
"version": null
},
{
"model": "mobile",
"scope": "eq",
"trust": 1.0,
"vendor": "disney interactive",
"version": null
},
{
"model": "arrows tab lte f-01d",
"scope": "eq",
"trust": 1.0,
"vendor": "fujitsu",
"version": "*"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple venders",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-047"
},
{
"db": "NVD",
"id": "CVE-2014-7252"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Masaaki Chida of GREE",
"sources": [
{
"db": "BID",
"id": "71412"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-047"
}
],
"trust": 0.9
},
"cve": "CVE-2014-7252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2014-7252",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-000137",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7252",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-000137",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-047",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-047"
},
{
"db": "NVD",
"id": "CVE-2014-7252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and \"improper data validation.\". The Syslink driver for OMAP mobile processors contained in Android devices contain mulitple improper data validation vulerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multiple vulnerabilities where userland data is not properly validated prior to use. Exploitation of these vulnerabilities may lead to arbitrary code execution or kernel memory content disclosure. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.When the device is accessed through the Android Debug Bridge (adb), contents of the kernel memory may be obtained or arbitrary code may be executed to obtain root privileges. \nLocal attackers can exploit these vulnerabilities to execute arbitrary code and gain sensitive information in the context of the user running the vulnerable application",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7252"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"db": "BID",
"id": "71412"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7252",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVN67792023",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000137",
"trust": 2.4
},
{
"db": "BID",
"id": "71412",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201412-047",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "71412"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-047"
},
{
"db": "NVD",
"id": "CVE-2014-7252"
}
]
},
"id": "VAR-201412-0589",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.39285714333333327
},
"last_update_date": "2025-04-13T23:22:30.767000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from NTT DOCOMO, INC.",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/JVN67792023/995312/index.html"
},
{
"title": "- SHARP handsets 102SH (Fix-May 31 2012 release software)",
"trust": 0.8,
"url": "http://www.softbank.jp/mobile/info/personal/software/20130830-01/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"db": "NVD",
"id": "CVE-2014-7252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://jvn.jp/en/jp/jvn67792023/index.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/en/jp/jvn67792023/397327/index.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000137.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/en/jp/jvn67792023/995312/index.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7252"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7252"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71412"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-047"
},
{
"db": "NVD",
"id": "CVE-2014-7252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "71412"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-047"
},
{
"db": "NVD",
"id": "CVE-2014-7252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71412"
},
{
"date": "2014-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"date": "2014-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-047"
},
{
"date": "2014-12-05T17:59:01.087000",
"db": "NVD",
"id": "CVE-2014-7252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71412"
},
{
"date": "2014-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000137"
},
{
"date": "2014-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-047"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "71412"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-047"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000137"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "71412"
}
],
"trust": 0.3
}
}
VAR-201203-0254
Vulnerability from variot - Updated: 2025-04-11 23:07The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page. LG-Nortel ELO GS24M Contains authentication bypass and information disclosure vulnerabilities. The LG-Nortel ELO GS24M is a switch device. Successful exploits will allow unauthenticated attackers to obtain sensitive information that may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0254",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "elo gs24m switch",
"scope": "eq",
"trust": 1.9,
"vendor": "lg nortel",
"version": null
},
{
"model": "lg-nortel elo gs24m",
"scope": "eq",
"trust": 1.5,
"vendor": "lg",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lg ericsson",
"version": null
},
{
"model": "elo gs24m",
"scope": null,
"trust": 0.8,
"vendor": "lg nortel",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#523027"
},
{
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"db": "CNVD",
"id": "CNVD-2012-1457"
},
{
"db": "BID",
"id": "52665"
},
{
"db": "BID",
"id": "78242"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-439"
},
{
"db": "NVD",
"id": "CVE-2012-1838"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lg-nortel:elo_gs24m_switch",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Christopher Campbell",
"sources": [
{
"db": "BID",
"id": "52665"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-872"
}
],
"trust": 0.9
},
"cve": "CVE-2012-1838",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-1838",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 8.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 7.5,
"exploitability": "HIGH",
"exploitabilityScore": 6.5,
"id": "VU#523027",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNCOFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-55119",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1838",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#523027",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-1838",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-439",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55119",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#523027"
},
{
"db": "VULHUB",
"id": "VHN-55119"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-439"
},
{
"db": "NVD",
"id": "CVE-2012-1838"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page. LG-Nortel ELO GS24M Contains authentication bypass and information disclosure vulnerabilities. The LG-Nortel ELO GS24M is a switch device. \nSuccessful exploits will allow unauthenticated attackers to obtain sensitive information that may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1838"
},
{
"db": "CERT/CC",
"id": "VU#523027"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"db": "CNVD",
"id": "CNVD-2012-1457"
},
{
"db": "BID",
"id": "52665"
},
{
"db": "BID",
"id": "78242"
},
{
"db": "VULHUB",
"id": "VHN-55119"
}
],
"trust": 4.05
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/523027",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#523027"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#523027",
"trust": 5.1
},
{
"db": "NVD",
"id": "CVE-2012-1838",
"trust": 2.8
},
{
"db": "BID",
"id": "52665",
"trust": 2.1
},
{
"db": "OSVDB",
"id": "80370",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001910",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-439",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-1456",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2012-1457",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201210-872",
"trust": 0.6
},
{
"db": "BID",
"id": "78242",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-55119",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#523027"
},
{
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"db": "CNVD",
"id": "CNVD-2012-1457"
},
{
"db": "VULHUB",
"id": "VHN-55119"
},
{
"db": "BID",
"id": "52665"
},
{
"db": "BID",
"id": "78242"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-872"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-439"
},
{
"db": "NVD",
"id": "CVE-2012-1838"
}
]
},
"id": "VAR-201203-0254",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"db": "CNVD",
"id": "CNVD-2012-1457"
},
{
"db": "VULHUB",
"id": "VHN-55119"
}
],
"trust": 1.7690476033333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"db": "CNVD",
"id": "CNVD-2012-1457"
}
]
},
"last_update_date": "2025-04-11T23:07:25.735000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.lgericsson.com/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-592",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#523027"
},
{
"db": "VULHUB",
"id": "VHN-55119"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"db": "NVD",
"id": "CVE-2012-1838"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.3,
"url": "http://www.kb.cert.org/vuls/id/523027"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80370"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74237"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/592.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1838"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu523027"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1838"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/52665"
},
{
"trust": 0.3,
"url": "http://www.lgericsson.com/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#523027"
},
{
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"db": "CNVD",
"id": "CNVD-2012-1457"
},
{
"db": "VULHUB",
"id": "VHN-55119"
},
{
"db": "BID",
"id": "52665"
},
{
"db": "BID",
"id": "78242"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-872"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-439"
},
{
"db": "NVD",
"id": "CVE-2012-1838"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#523027"
},
{
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"db": "CNVD",
"id": "CNVD-2012-1457"
},
{
"db": "VULHUB",
"id": "VHN-55119"
},
{
"db": "BID",
"id": "52665"
},
{
"db": "BID",
"id": "78242"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201210-872"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-439"
},
{
"db": "NVD",
"id": "CVE-2012-1838"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "CERT/CC",
"id": "VU#523027"
},
{
"date": "2012-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"date": "2012-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1457"
},
{
"date": "2012-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-55119"
},
{
"date": "2012-03-21T00:00:00",
"db": "BID",
"id": "52665"
},
{
"date": "2012-03-22T00:00:00",
"db": "BID",
"id": "78242"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"date": "2012-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201210-872"
},
{
"date": "2012-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-439"
},
{
"date": "2012-03-22T10:17:09.410000",
"db": "NVD",
"id": "CVE-2012-1838"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-28T00:00:00",
"db": "CERT/CC",
"id": "VU#523027"
},
{
"date": "2012-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1456"
},
{
"date": "2012-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1457"
},
{
"date": "2018-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-55119"
},
{
"date": "2012-03-21T00:00:00",
"db": "BID",
"id": "52665"
},
{
"date": "2012-03-22T00:00:00",
"db": "BID",
"id": "78242"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001910"
},
{
"date": "2012-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201210-872"
},
{
"date": "2012-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-439"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1838"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201210-872"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-439"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG-Nortel ELO GS24M Switch contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#523027"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201210-872"
}
],
"trust": 0.6
}
}
VAR-201808-0362
Vulnerability from variot - Updated: 2024-11-23 23:12Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. GNSS application is one of the global satellite navigation applications. The vulnerability stems from the program's failure to perform correct access control. Remote attackers can use this vulnerability to gain access to GNSS applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0362",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 2.2,
"vendor": "google",
"version": "6.0"
},
{
"model": "android",
"scope": "eq",
"trust": 2.2,
"vendor": "google",
"version": "8.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "6.0 to 8.1"
},
{
"model": "devices based on android",
"scope": "gte",
"trust": 0.6,
"vendor": "lg",
"version": "6.0,\u003c=8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x500"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x400"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x300"
},
{
"model": "q8",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "q6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v30"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v20"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v10"
},
{
"model": "g6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "g5",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "cam",
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28452"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-534"
},
{
"db": "NVD",
"id": "CVE-2018-14982"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:google:android",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
}
]
},
"cve": "CVE-2018-14982",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14982",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28452",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14982",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14982",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14982",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-28452",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-534",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28452"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-534"
},
{
"db": "NVD",
"id": "CVE-2018-14982"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. GNSS application is one of the global satellite navigation applications. The vulnerability stems from the program\u0027s failure to perform correct access control. Remote attackers can use this vulnerability to gain access to GNSS applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14982"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"db": "CNVD",
"id": "CNVD-2020-28452"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14982",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009577",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28452",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-534",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28452"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-534"
},
{
"db": "NVD",
"id": "CVE-2018-14982"
}
]
},
"id": "VAR-201808-0362",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28452"
}
],
"trust": 1.1288461399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28452"
}
]
},
"last_update_date": "2024-11-23T23:12:04.637000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Android \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u95a2\u3059\u308b\u516c\u958b\u60c5\u5831",
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/index.html"
},
{
"title": "Patch for LG product GNSS application access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/217697"
},
{
"title": "LG product GNSS application Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84136"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28452"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-534"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"db": "NVD",
"id": "CVE-2018-14982"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://lgsecurity.lge.com/security_updates.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14982"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14982"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28452"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-534"
},
{
"db": "NVD",
"id": "CVE-2018-14982"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28452"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-534"
},
{
"db": "NVD",
"id": "CVE-2018-14982"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28452"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-534"
},
{
"date": "2018-08-17T20:29:16.413000",
"db": "NVD",
"id": "CVE-2018-14982"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28452"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009577"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-534"
},
{
"date": "2024-11-21T03:50:14.773000",
"db": "NVD",
"id": "CVE-2018-14982"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-534"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Runs on the device Android Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009577"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-534"
}
],
"trust": 0.6
}
}
VAR-201808-0462
Vulnerability from variot - Updated: 2024-11-23 23:08Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. SystemUI application intents is one of the system applications. The vulnerability stems from the program's failure to perform correct access control. A remote attacker can use this vulnerability to bypass security restrictions by sending a specially crafted request and gain access to MLT applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0462",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 2.2,
"vendor": "google",
"version": "6.0"
},
{
"model": "android",
"scope": "eq",
"trust": 2.2,
"vendor": "google",
"version": "8.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "6.0 to 8.1"
},
{
"model": "devices based on android",
"scope": "gte",
"trust": 0.6,
"vendor": "lg",
"version": "6.0,\u003c=8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x500"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x400"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x300"
},
{
"model": "q8",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "q6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v30"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v20"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v10"
},
{
"model": "g6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "g5",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "cam",
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-533"
},
{
"db": "NVD",
"id": "CVE-2018-15482"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:google:android",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
}
]
},
"cve": "CVE-2018-15482",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-15482",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28451",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-15482",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15482",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-15482",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-28451",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-533",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-533"
},
{
"db": "NVD",
"id": "CVE-2018-15482"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. SystemUI application intents is one of the system applications. The vulnerability stems from the program\u0027s failure to perform correct access control. A remote attacker can use this vulnerability to bypass security restrictions by sending a specially crafted request and gain access to MLT applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15482"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"db": "CNVD",
"id": "CNVD-2020-28451"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15482",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009546",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28451",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-533",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-533"
},
{
"db": "NVD",
"id": "CVE-2018-15482"
}
]
},
"id": "VAR-201808-0462",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28451"
}
],
"trust": 1.1288461399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28451"
}
]
},
"last_update_date": "2024-11-23T23:08:36.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Android \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u95a2\u3059\u308b\u516c\u958b\u60c5\u5831",
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/index.html"
},
{
"title": "Patch for LG product MLT application intents access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/217699"
},
{
"title": "LG product MLT application intents Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84135"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-533"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"db": "NVD",
"id": "CVE-2018-15482"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://lgsecurity.lge.com/security_updates.html"
},
{
"trust": 1.6,
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15482"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15482"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-533"
},
{
"db": "NVD",
"id": "CVE-2018-15482"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-533"
},
{
"db": "NVD",
"id": "CVE-2018-15482"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28451"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-533"
},
{
"date": "2018-08-17T20:29:16.523000",
"db": "NVD",
"id": "CVE-2018-15482"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28451"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009546"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-533"
},
{
"date": "2024-11-21T03:50:54.547000",
"db": "NVD",
"id": "CVE-2018-15482"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-533"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Runs on the device Android Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009546"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-533"
}
],
"trust": 0.6
}
}
VAR-201905-0407
Vulnerability from variot - Updated: 2024-11-23 22:55An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today's_date}.log for reading a filename such as gapm7100_190101.log. LG GAMP-7100 , GAPM-7200 , GAPM-8000 The router contains an information disclosure vulnerability.Information may be obtained. LG GAMP-7100 is a router from LG. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected components. This vulnerability stems from configuration errors in network systems or products during operation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0407",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gamp-7100",
"scope": null,
"trust": 1.4,
"vendor": "lg",
"version": null
},
{
"model": "gapm-7200",
"scope": null,
"trust": 1.4,
"vendor": "lg",
"version": null
},
{
"model": "gapm-8000",
"scope": null,
"trust": 1.4,
"vendor": "lg",
"version": null
},
{
"model": "gamp-7100",
"scope": "eq",
"trust": 1.0,
"vendor": "lg",
"version": null
},
{
"model": "gapm-8000",
"scope": "eq",
"trust": 1.0,
"vendor": "lg",
"version": null
},
{
"model": "gapm-7200",
"scope": "eq",
"trust": 1.0,
"vendor": "lg",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"db": "NVD",
"id": "CVE-2019-7404"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:lg:gamp-7100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:gapm-7200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:gapm-8000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
}
]
},
"cve": "CVE-2019-7404",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-7404",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-33821",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158839",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-7404",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7404",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-7404",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-33821",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-310",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158839",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"db": "VULHUB",
"id": "VHN-158839"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-310"
},
{
"db": "NVD",
"id": "CVE-2019-7404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var/gapm7100_${today\u0027s_date}.log for reading a filename such as gapm7100_190101.log. LG GAMP-7100 , GAPM-7200 , GAPM-8000 The router contains an information disclosure vulnerability.Information may be obtained. LG GAMP-7100 is a router from LG. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected components. This vulnerability stems from configuration errors in network systems or products during operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7404"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"db": "VULHUB",
"id": "VHN-158839"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7404",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004505",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-310",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-33821",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158839",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"db": "VULHUB",
"id": "VHN-158839"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-310"
},
{
"db": "NVD",
"id": "CVE-2019-7404"
}
]
},
"id": "VAR-201905-0407",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"db": "VULHUB",
"id": "VHN-158839"
}
],
"trust": 1.1642857
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33821"
}
]
},
"last_update_date": "2024-11-23T22:55:33.359000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.lg.com/us"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158839"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"db": "NVD",
"id": "CVE-2019-7404"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/epistemophilia/cves/blob/master/lg-gamp-routers/cve-2019-7404/poc-cve-2019-7404.py"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7404"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7404"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov//vuln/detail/cve-2019-7404"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"db": "VULHUB",
"id": "VHN-158839"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-310"
},
{
"db": "NVD",
"id": "CVE-2019-7404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"db": "VULHUB",
"id": "VHN-158839"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-310"
},
{
"db": "NVD",
"id": "CVE-2019-7404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"date": "2019-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-158839"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"date": "2019-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-310"
},
{
"date": "2019-05-13T14:29:02.050000",
"db": "NVD",
"id": "CVE-2019-7404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33821"
},
{
"date": "2019-05-15T00:00:00",
"db": "VULHUB",
"id": "VHN-158839"
},
{
"date": "2019-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004505"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-310"
},
{
"date": "2024-11-21T04:48:09.970000",
"db": "NVD",
"id": "CVE-2019-7404"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-310"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural LG Information disclosure vulnerability in router products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004505"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-310"
}
],
"trust": 0.6
}
}
VAR-201809-0853
Vulnerability from variot - Updated: 2024-11-23 22:21LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password. LG LNB, etc. A security vulnerability exists in several LG products. The following products are affected: LG LNB; LG LND; LG LNU; LG LNV*
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lnu5320r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnd5110",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnu5110r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnu3230r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnu7210r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnv5110r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnb5110",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnd5220r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnu7210r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnd7210",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnb5320",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnb7210",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnb5320r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnd7210r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnu3230r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnd5110r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnu5320r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnv7210r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnb5110",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnd3230r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnv5320r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnv7210",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnd5110",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnd5220r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnu5110r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnv7210r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnb5320",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnb7210",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnd7210",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnb5320r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnd3230r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnd7210r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnv5110r",
"scope": "gte",
"trust": 1.0,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnd5110r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnv5320r",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnv7210",
"scope": "lte",
"trust": 1.0,
"vendor": "lg",
"version": "1508190"
},
{
"model": "lnb5110",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnb5320",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnb5320r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnb7210",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnd3230r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnd5110",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnd5110r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnd5220r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnd7210",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnd7210r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnu3230r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnu5110r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnu5320r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnu7210r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnv5110r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnv5320r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnv7210",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnv7210r",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "lnd7210",
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "1310250"
},
{
"model": "lnd7210",
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "1508190"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-645"
},
{
"db": "NVD",
"id": "CVE-2018-16946"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:lg:lnb5110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnb5320_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnb5320r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnb7210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnd3230r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnd5110_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnd5110r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnd5220r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnd7210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnd7210r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnu3230r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnu5110r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnu5320r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnu7210r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnv5110r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnv5320r_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnv7210_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:lg:lnv7210r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
}
]
},
"cve": "CVE-2018-16946",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-16946",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-127356",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-16946",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-16946",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-16946",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-645",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-127356",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-16946",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127356"
},
{
"db": "VULMON",
"id": "CVE-2018-16946"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-645"
},
{
"db": "NVD",
"id": "CVE-2018-16946"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log \u0026 Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password. LG LNB*, etc. A security vulnerability exists in several LG products. The following products are affected: LG LNB*; LG LND*; LG LNU*; LG LNV*",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16946"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"db": "VULHUB",
"id": "VHN-127356"
},
{
"db": "VULMON",
"id": "CVE-2018-16946"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-127356",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45394",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127356"
},
{
"db": "VULMON",
"id": "CVE-2018-16946"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "EXPLOIT-DB",
"id": "45394",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2018-16946",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010881",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-645",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "149317",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-97531",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-127356",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-16946",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127356"
},
{
"db": "VULMON",
"id": "CVE-2018-16946"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-645"
},
{
"db": "NVD",
"id": "CVE-2018-16946"
}
]
},
"id": "VAR-201809-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-127356"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:21:55.753000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.lg.com/us"
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-16946"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127356"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"db": "NVD",
"id": "CVE-2018-16946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.exploit-db.com/exploits/45394/"
},
{
"trust": 1.8,
"url": "https://github.com/egebalci/lg-smart-ip-device-backup-download"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16946"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16946"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/552.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127356"
},
{
"db": "VULMON",
"id": "CVE-2018-16946"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-645"
},
{
"db": "NVD",
"id": "CVE-2018-16946"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-127356"
},
{
"db": "VULMON",
"id": "CVE-2018-16946"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-645"
},
{
"db": "NVD",
"id": "CVE-2018-16946"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-127356"
},
{
"date": "2018-09-12T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16946"
},
{
"date": "2018-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-645"
},
{
"date": "2018-09-12T01:29:00.250000",
"db": "NVD",
"id": "CVE-2018-16946"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-127356"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16946"
},
{
"date": "2018-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010881"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-645"
},
{
"date": "2024-11-21T03:53:33.647000",
"db": "NVD",
"id": "CVE-2018-16946"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-645"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural LG smart network camera Vulnerabilities related to certificate and password management in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010881"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-645"
}
],
"trust": 0.6
}
}
VAR-201808-0361
Vulnerability from variot - Updated: 2024-11-23 21:40Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.
SystemUI application intents is one of the system applications. Remote attackers can use this vulnerability to bypass security restrictions and gain access to SystemUI applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 2.2,
"vendor": "google",
"version": "6.0"
},
{
"model": "android",
"scope": "eq",
"trust": 2.2,
"vendor": "google",
"version": "8.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "7.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "6.0 to 8.1"
},
{
"model": "devices based on android",
"scope": "gte",
"trust": 0.6,
"vendor": "lg",
"version": "6.0,\u003c=8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x500"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x400"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x300"
},
{
"model": "q8",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "q6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v30"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v20"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v10"
},
{
"model": "g6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "g5",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "cam",
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-535"
},
{
"db": "NVD",
"id": "CVE-2018-14981"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:google:android",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
}
]
},
"cve": "CVE-2018-14981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-14981",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-28449",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14981",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14981",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-14981",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-28449",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-535",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-535"
},
{
"db": "NVD",
"id": "CVE-2018-14981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. \r\n\r\nSystemUI application intents is one of the system applications. Remote attackers can use this vulnerability to bypass security restrictions and gain access to SystemUI applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14981"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14981",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009576",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28449",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-535",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-535"
},
{
"db": "NVD",
"id": "CVE-2018-14981"
}
]
},
"id": "VAR-201808-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
],
"trust": 1.1288461399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
]
},
"last_update_date": "2024-11-23T21:40:11.437000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Android \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u95a2\u3059\u308b\u516c\u958b\u60c5\u5831",
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/index.html"
},
{
"title": "Patch for LG product SystemUI application intents access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/217695"
},
{
"title": "LG product SystemUI application intents Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84137"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-535"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"db": "NVD",
"id": "CVE-2018-14981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://lgsecurity.lge.com/security_updates.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14981"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14981"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10873"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-535"
},
{
"db": "NVD",
"id": "CVE-2018-14981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-535"
},
{
"db": "NVD",
"id": "CVE-2018-14981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-535"
},
{
"date": "2018-08-17T20:29:16.290000",
"db": "NVD",
"id": "CVE-2018-14981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009576"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-535"
},
{
"date": "2024-11-21T03:50:14.610000",
"db": "NVD",
"id": "CVE-2018-14981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-535"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Runs on the device Android Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-535"
}
],
"trust": 0.6
}
}
CVE-2024-6179 (GCVE-0-2024-6179)
Vulnerability from nvd – Published: 2024-06-20 01:53 – Updated: 2024-08-01 21:33- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://lgsecurity.lge.com/bulletins/idproducts#u… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG Electronics | SuperSign CMS |
Affected:
4.1.3 , < < 4.3.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T21:09:30.842188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:49:07.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuperSign CMS",
"vendor": "LG Electronics",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThan": "\u003c 4.3.1",
"status": "affected",
"version": "4.1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects SuperSign CMS: from 4.1.3 before \u0026lt; 4.3.1.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before \u003c 4.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:07:08.756Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in LG SuperSign CMS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2024-6179",
"datePublished": "2024-06-20T01:53:11.588Z",
"dateReserved": "2024-06-19T23:30:15.754Z",
"dateUpdated": "2024-08-01T21:33:05.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6178 (GCVE-0-2024-6178)
Vulnerability from nvd – Published: 2024-06-20 01:51 – Updated: 2024-08-01 21:33- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://lgsecurity.lge.com/bulletins/idproducts#u… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG Electronics | SuperSign CMS |
Affected:
4.1.3 , < < 4.3.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T21:10:06.307760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:49:18.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuperSign CMS",
"vendor": "LG Electronics",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThan": "\u003c 4.3.1",
"status": "affected",
"version": "4.1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects SuperSign CMS: from 4.1.3 before \u0026lt; 4.3.1.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before \u003c 4.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:06:06.572Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in LG SuperSign CMS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2024-6178",
"datePublished": "2024-06-20T01:51:50.425Z",
"dateReserved": "2024-06-19T23:30:15.193Z",
"dateUpdated": "2024-08-01T21:33:05.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6177 (GCVE-0-2024-6177)
Vulnerability from nvd – Published: 2024-06-20 00:52 – Updated: 2024-08-01 21:33- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| URL | Tags |
|---|---|
| https://lgsecurity.lge.com/bulletins/idproducts#u… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG Electronics | SuperSign CMS |
Affected:
4.1.3 , < < 4.3.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T13:42:33.166153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T13:42:45.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuperSign CMS",
"vendor": "LG Electronics",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThan": "\u003c 4.3.1",
"status": "affected",
"version": "4.1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects SuperSign CMS: from 4.1.3 before \u0026lt; 4.3.1.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before \u003c 4.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:05:47.714Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in LG SuperSign CMS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2024-6177",
"datePublished": "2024-06-20T00:52:25.226Z",
"dateReserved": "2024-06-19T23:30:14.476Z",
"dateUpdated": "2024-08-01T21:33:05.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41181 (GCVE-0-2023-41181)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-08-02 18:54- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | SuperSign Media Editor |
Affected:
3.11.3_20171108
|
|
| lg | supersign_media_editor |
Affected:
- , ≤ 3.11.3_20171108
(custom)
cpe:2.3:a:lg:supersign_media_editor:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:supersign_media_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "supersign_media_editor",
"vendor": "lg",
"versions": [
{
"lessThanOrEqual": "3.11.3_20171108",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:18:58.519651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:31.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1220",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1220/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SuperSign Media Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "3.11.3_20171108"
}
]
}
],
"dateAssigned": "2023-08-24T19:26:26.649Z",
"datePublic": "2023-08-24T21:14:07.694Z",
"descriptions": [
{
"lang": "en",
"value": "LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the getSubFolderList method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-20330."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:11:42.944Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1220",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1220/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG SuperSign Media Editor getSubFolderList Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-41181",
"datePublished": "2024-05-03T02:11:42.944Z",
"dateReserved": "2023-08-24T19:16:24.556Z",
"dateUpdated": "2024-08-02T18:54:04.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40517 (GCVE-0-2023-40517)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-08-02 18:38- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | SuperSign Media Editor |
Affected:
3.11.3_20171108
|
|
| lg | supersign_media_editor |
Affected:
-
cpe:2.3:a:lg:supersign_media_editor:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:supersign_media_editor:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "supersign_media_editor",
"vendor": "lg",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T21:07:43.774601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:03.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1219",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1219/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SuperSign Media Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "3.11.3_20171108"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.891Z",
"datePublic": "2023-08-24T21:13:59.802Z",
"descriptions": [
{
"lang": "en",
"value": "LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the getObject method implemented in the ContentRestController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-20328."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:11:42.192Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1219",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1219/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40517",
"datePublished": "2024-05-03T02:11:42.192Z",
"dateReserved": "2023-08-14T21:06:28.917Z",
"dateUpdated": "2024-08-02T18:38:50.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40516 (GCVE-0-2023-40516)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-732 - Incorrect Permission Assignment for Critical Resource
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
|
| lg | simple_editor |
Affected:
0 , < 3.21.0
(custom)
cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_editor",
"vendor": "lg",
"versions": [
{
"lessThan": "3.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T20:32:20.922996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:25:22.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:49.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1218",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1218/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.886Z",
"datePublic": "2023-08-24T21:13:49.465Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of LG Simple Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The product sets incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20327."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:57.502Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1218",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1218/"
}
],
"source": {
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
},
"title": "LG Simple Editor Incorrect Permission Assignment Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40516",
"datePublished": "2024-05-03T02:11:41.380Z",
"dateReserved": "2023-08-14T21:06:28.917Z",
"dateUpdated": "2024-09-18T18:29:57.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40515 (GCVE-0-2023-40515)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-20 - Improper Input Validation
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
|
| lg | simple_editor |
Affected:
*
cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_editor",
"vendor": "lg",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T20:34:03.957846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:57.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:49.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1197",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1197/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.881Z",
"datePublic": "2023-08-24T21:11:37.732Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the joinAddUser method. The issue results from improper input validation. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.\n. Was ZDI-CAN-20048."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:56.791Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1197",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1197/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40515",
"datePublished": "2024-05-03T02:11:40.675Z",
"dateReserved": "2023-08-14T21:06:28.917Z",
"dateUpdated": "2024-09-18T18:29:56.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40514 (GCVE-0-2023-40514)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
|
| lg | simple_editor |
Affected:
0 , < 3.21.0
(custom)
cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_editor",
"vendor": "lg",
"versions": [
{
"lessThan": "3.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T20:33:05.582984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:22:01.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1196",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1196/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.876Z",
"datePublic": "2023-08-24T21:11:31.764Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the getImageByFilename method in the FileManagerController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.\n. Was ZDI-CAN-20016."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:56.062Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1196",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1196/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40514",
"datePublished": "2024-05-03T02:11:39.943Z",
"dateReserved": "2023-08-14T21:06:28.917Z",
"dateUpdated": "2024-09-18T18:29:56.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40513 (GCVE-0-2023-40513)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T19:13:48.699215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:50.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1195",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1195/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.871Z",
"datePublic": "2023-08-24T21:11:25.001Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the getImageByFilename method in the UserManageController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.\n. Was ZDI-CAN-20015."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:55.324Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1195",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1195/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40513",
"datePublished": "2024-05-03T02:11:39.201Z",
"dateReserved": "2023-08-14T21:06:28.916Z",
"dateUpdated": "2024-09-18T18:29:55.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40512 (GCVE-0-2023-40512)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
|
| lg | simple_editor |
Affected:
0 , < 3.21.0
(custom)
cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_editor",
"vendor": "lg",
"versions": [
{
"lessThan": "3.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T20:31:04.400668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:24:00.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:49.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1216",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1216/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.866Z",
"datePublic": "2023-08-24T21:13:30.496Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the getImageByFilename method in the PlayerController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.\n. Was ZDI-CAN-20014."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:54.640Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1216",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1216/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40512",
"datePublished": "2024-05-03T02:11:38.491Z",
"dateReserved": "2023-08-14T21:06:28.916Z",
"dateUpdated": "2024-09-18T18:29:54.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40511 (GCVE-0-2023-40511)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
|
| lg | simple_editor |
Affected:
0 , < 3.21.0
(custom)
cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_editor",
"vendor": "lg",
"versions": [
{
"lessThan": "3.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T20:33:48.551979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:21:54.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:49.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1215",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1215/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.861Z",
"datePublic": "2023-08-24T21:13:24.245Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the checkServer method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system.\n. Was ZDI-CAN-20013."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:53.951Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1215",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1215/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG Simple Editor checkServer Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40511",
"datePublished": "2024-05-03T02:11:37.691Z",
"dateReserved": "2023-08-14T21:06:28.916Z",
"dateUpdated": "2024-09-18T18:29:53.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40510 (GCVE-0-2023-40510)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
|
| lg | simple_editor |
Affected:
0 , < 3.21.0
(custom)
cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_editor",
"vendor": "lg",
"versions": [
{
"lessThan": "3.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T21:01:37.022056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:23:09.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:49.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1214",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1214/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.855Z",
"datePublic": "2023-08-24T21:13:18.463Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the getServerSetting method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system.\n. Was ZDI-CAN-20012."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:53.194Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1214",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1214/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG Simple Editor getServerSetting Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40510",
"datePublished": "2024-05-03T02:11:36.903Z",
"dateReserved": "2023-08-14T21:06:28.916Z",
"dateUpdated": "2024-09-18T18:29:53.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40509 (GCVE-0-2023-40509)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
|
| lg | simple_editor |
Affected:
0 , < 3.21.0
(custom)
cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_editor",
"vendor": "lg",
"versions": [
{
"lessThan": "3.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T21:08:45.633965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:23:26.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:49.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1213",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1213/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.850Z",
"datePublic": "2023-08-24T21:13:12.879Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the deleteCanvas method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM.\n. Was ZDI-CAN-20011."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:52.482Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1213",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1213/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40509",
"datePublished": "2024-05-03T02:11:36.140Z",
"dateReserved": "2023-08-14T21:06:28.916Z",
"dateUpdated": "2024-09-18T18:29:52.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40508 (GCVE-0-2023-40508)
Vulnerability from nvd – Published: 2024-05-03 02:11 – Updated: 2024-09-18 18:29- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG | Simple Editor |
Affected:
LG Simple Editor 3.21.0
|
|
| lg | simple_editor |
Affected:
0 , < 3.21.0
(custom)
cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:lg:simple_editor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simple_editor",
"vendor": "lg",
"versions": [
{
"lessThan": "3.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T20:34:47.753123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:19:37.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1212",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1212/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Simple Editor",
"vendor": "LG",
"versions": [
{
"status": "affected",
"version": "LG Simple Editor 3.21.0"
}
]
}
],
"dateAssigned": "2023-08-14T21:14:46.845Z",
"datePublic": "2023-08-24T21:13:06.936Z",
"descriptions": [
{
"lang": "en",
"value": "LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the putCanvasDB method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM.\n. Was ZDI-CAN-20010."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:29:51.753Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1212",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1212/"
}
],
"source": {
"lang": "en",
"value": "rgod"
},
"title": "LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-40508",
"datePublished": "2024-05-03T02:11:35.371Z",
"dateReserved": "2023-08-14T21:06:28.916Z",
"dateUpdated": "2024-09-18T18:29:51.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6179 (GCVE-0-2024-6179)
Vulnerability from cvelistv5 – Published: 2024-06-20 01:53 – Updated: 2024-08-01 21:33- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://lgsecurity.lge.com/bulletins/idproducts#u… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG Electronics | SuperSign CMS |
Affected:
4.1.3 , < < 4.3.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T21:09:30.842188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:49:07.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuperSign CMS",
"vendor": "LG Electronics",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThan": "\u003c 4.3.1",
"status": "affected",
"version": "4.1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects SuperSign CMS: from 4.1.3 before \u0026lt; 4.3.1.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before \u003c 4.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:07:08.756Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in LG SuperSign CMS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2024-6179",
"datePublished": "2024-06-20T01:53:11.588Z",
"dateReserved": "2024-06-19T23:30:15.754Z",
"dateUpdated": "2024-08-01T21:33:05.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6178 (GCVE-0-2024-6178)
Vulnerability from cvelistv5 – Published: 2024-06-20 01:51 – Updated: 2024-08-01 21:33- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://lgsecurity.lge.com/bulletins/idproducts#u… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG Electronics | SuperSign CMS |
Affected:
4.1.3 , < < 4.3.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T21:10:06.307760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:49:18.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuperSign CMS",
"vendor": "LG Electronics",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThan": "\u003c 4.3.1",
"status": "affected",
"version": "4.1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects SuperSign CMS: from 4.1.3 before \u0026lt; 4.3.1.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before \u003c 4.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:06:06.572Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in LG SuperSign CMS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2024-6178",
"datePublished": "2024-06-20T01:51:50.425Z",
"dateReserved": "2024-06-19T23:30:15.193Z",
"dateUpdated": "2024-08-01T21:33:05.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6177 (GCVE-0-2024-6177)
Vulnerability from cvelistv5 – Published: 2024-06-20 00:52 – Updated: 2024-08-01 21:33- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
| URL | Tags |
|---|---|
| https://lgsecurity.lge.com/bulletins/idproducts#u… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| LG Electronics | SuperSign CMS |
Affected:
4.1.3 , < < 4.3.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T13:42:33.166153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T13:42:45.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SuperSign CMS",
"vendor": "LG Electronics",
"versions": [
{
"changes": [
{
"at": "4.3.1",
"status": "unaffected"
}
],
"lessThan": "\u003c 4.3.1",
"status": "affected",
"version": "4.1.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects SuperSign CMS: from 4.1.3 before \u0026lt; 4.3.1.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before \u003c 4.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T02:05:47.714Z",
"orgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"shortName": "LGE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XSS vulnerability in LG SuperSign CMS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "42f21055-226c-4bce-a3c8-ecf55a3551fb",
"assignerShortName": "LGE",
"cveId": "CVE-2024-6177",
"datePublished": "2024-06-20T00:52:25.226Z",
"dateReserved": "2024-06-19T23:30:14.476Z",
"dateUpdated": "2024-08-01T21:33:05.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}