This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED...
5.3CVSS
7.5AI Score
0.0004EPSS
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED...
9.1CVSS
7.6AI Score
0.0004EPSS
This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG...
3CVSS
4.3AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG...
6.3CVSS
6.9AI Score
0.0004EPSS
The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action...
6.3CVSS
6.3AI Score
0.0004EPSS
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could...
7.8CVSS
7.6AI Score
0.0005EPSS
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers,...
5.5CVSS
5.4AI Score
0.0004EPSS
The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a....
3.3CVSS
4.4AI Score
0.0004EPSS
The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could...
7.8CVSS
7.6AI Score
0.0005EPSS
he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()"...
3.6CVSS
4.5AI Score
0.001EPSS
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...
7.8CVSS
7.6AI Score
0.0005EPSS
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...
3.3CVSS
4.6AI Score
0.0004EPSS
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone...
5.5CVSS
5.5AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation.....
9.8CVSS
9.6AI Score
0.019EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper....
9.8CVSS
9.6AI Score
0.019EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper....
7.5CVSS
7.3AI Score
0.002EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper...
7.5CVSS
7.3AI Score
0.002EPSS
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in _COMPONENT of LG Electronics (LGPCSuite_Setup),...
5.5CVSS
7.3AI Score
0.001EPSS
LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified...
6.5AI Score
0.003EPSS