Vulnerabilities > LG > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-04-09 CVE-2023-6317 Unspecified vulnerability in LG Webos
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7.
network
low complexity
lg
critical
9.8
2024-03-25 CVE-2024-2862 Weak Password Recovery Mechanism for Forgotten Password vulnerability in LG LED Assistant 2.1.65
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
network
low complexity
lg CWE-640
critical
9.8
2024-02-26 CVE-2024-1885 Unspecified vulnerability in LG Webos Signage 6.0.056
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.
network
low complexity
lg
critical
9.8
2023-09-04 CVE-2023-4614 Path Traversal vulnerability in LG LED Assistant 2.1.45
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant.
network
low complexity
lg CWE-22
critical
9.8
2023-09-04 CVE-2023-4613 Path Traversal vulnerability in LG LED Assistant 2.1.45
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant.
network
low complexity
lg CWE-22
critical
9.8
2022-03-11 CVE-2022-23730 Unspecified vulnerability in LG Webos
The public API error causes for the attacker to be able to bypass API access control.
network
low complexity
lg
critical
9.8
2021-08-24 CVE-2021-38306 OS Command Injection vulnerability in LG N1T1 Firmware
Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.
network
low complexity
lg CWE-78
critical
9.8
2019-05-14 CVE-2018-14839 OS Command Injection vulnerability in LG N1A1 Firmware 3718.510
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution.
network
low complexity
lg CWE-78
critical
9.8
2018-09-21 CVE-2018-17173 Code Injection vulnerability in LG Supersign CMS 2.5
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
network
low complexity
lg CWE-94
critical
9.8
2018-09-14 CVE-2018-16287 Unrestricted Upload of File with Dangerous Type vulnerability in LG Supersign CMS
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
network
low complexity
lg CWE-434
critical
9.8