9.8
CVE-2024-2862
- EPSS 74.52%
- Veröffentlicht 25.03.2024 07:15:50
- Zuletzt bearbeitet 01.04.2025 17:08:43
- Quelle product.security@lge.com
- CVE-Watchlists
- Unerledigt
LoginPassword reset vulnerability without authorization on LG LED Assistant
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lg ≫ Lg Led Assistant Version2.1.65
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.52% | 0.988 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| product.security@lge.com | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.