Filtered by vendor Lg
Subscriptions
Filtered by product Lg Led Assistant
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2863 | 1 Lg | 1 Lg Led Assistant | 2025-04-04 | 5.3 Medium |
| This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. | ||||
| CVE-2024-2862 | 1 Lg | 1 Lg Led Assistant | 2025-04-01 | 9.1 Critical |
| This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | ||||
| CVE-2023-4616 | 1 Lg | 1 Lg Led Assistant | 2024-11-21 | 7.5 High |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user. | ||||
| CVE-2023-4615 | 1 Lg | 1 Lg Led Assistant | 2024-11-21 | 7.5 High |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user. | ||||
| CVE-2023-4614 | 1 Lg | 1 Lg Led Assistant | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. | ||||
| CVE-2023-4613 | 1 Lg | 1 Lg Led Assistant | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. | ||||
Page 1 of 1.