CVE-2018-16946

Exploit

EPSS 11.52%
Published 12.09.2018 01:29:00
Last modified 21.11.2024 03:53:33
Source cve@mitre.org
Teams watchlist Login
Open Login

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Lg ≫ Lnb5110 Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnb5110 Version-

Lg ≫ Lnb5320 Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnb5320 Version-

Lg ≫ Lnb5320r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnb5320r Version-

Lg ≫ Lnb7210 Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnb7210 Version-

Lg ≫ Lnd3230r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnd3230r Version-

Lg ≫ Lnd5110 Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnd5110 Version-

Lg ≫ Lnd5110r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnd5110r Version-

Lg ≫ Lnd5220r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnd5220r Version-

Lg ≫ Lnd7210 Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnd7210 Version-

Lg ≫ Lnd7210r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnd7210r Version-

Lg ≫ Lnu3230r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnu3230r Version-

Lg ≫ Lnu5110r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnu5110r Version-

Lg ≫ Lnu5320r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnu5320r Version-

Lg ≫ Lnu7210r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnu7210r Version-

Lg ≫ Lnv5110r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnv5110r Version-

Lg ≫ Lnv5320r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnv5320r Version-

Lg ≫ Lnv7210 Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnv7210 Version-

Lg ≫ Lnv7210r Firmware Version >= 1310250 <= 1508190

Lg ≫ Lnv7210r Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	11.52%	0.933

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download

Third Party Advisory

Exploit

https://www.exploit-db.com/exploits/45394/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-16946

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16946

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16946

EUVD