LG Electronics Security Vulnerabilities

CVE-2024-2863

This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED...

CVE-2024-2862

This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED...

CVE-2024-1886

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG...

CVE-2024-1885

This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG...

CVE-2023-44121

The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action...

CVE-2023-44125

The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could...

CVE-2023-44126

The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers,...

CVE-2023-44129

The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a....

CVE-2023-44123

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could...

CVE-2023-44128

he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()"...

CVE-2023-44122

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

CVE-2023-44124

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...

CVE-2023-44127

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone...

CVE-2023-4613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation.....

CVE-2023-4614

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper....

CVE-2023-4615

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper....

CVE-2023-4616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper...

CVE-2020-7807

A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in _COMPONENT of LG Electronics (LGPCSuite_Setup),...

CVE-2014-7243

LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified...