Vulnerabilities > LG

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-38306 OS Command Injection vulnerability in LG N1T1 Firmware
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
network
low complexity
lg CWE-78
critical
10.0
2020-09-14 CVE-2020-7807 Improper Validation of Integrity Check Value vulnerability in LG products
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants.
local
lg CWE-354
1.9
2020-04-29 CVE-2019-20781 Improper Privilege Management vulnerability in LG Bridge
An issue was discovered in LG Bridge before April 2019 on Windows.
local
lg CWE-269
4.4
2020-04-17 CVE-2019-20777 Unspecified vulnerability in Google Android
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software.
network
low complexity
google lg
7.5
2020-04-17 CVE-2019-20769 Untrusted Search Path vulnerability in LG PC Suite 5.3.27
An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier).
local
lg CWE-426
4.4
2020-02-12 CVE-2013-3685 Race Condition vulnerability in Spritesoftware Spritebackup and Spritebud
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.
6.9
2019-05-14 CVE-2018-14839 OS Command Injection vulnerability in LG N1A1 Firmware 3718.510
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution.
network
low complexity
lg CWE-78
7.5
2019-05-13 CVE-2019-7404 Information Exposure vulnerability in LG products
An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers.
network
low complexity
lg CWE-200
5.0
2019-02-18 CVE-2019-8372 Link Following vulnerability in LG Lha.Sys
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges.
local
lg CWE-59
6.9
2018-09-21 CVE-2018-17173 Code Injection vulnerability in LG Supersign CMS 2.5
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
network
low complexity
lg CWE-94
7.5