9.8
CVE-2024-2862
- EPSS 42.36%
- Veröffentlicht 25.03.2024 07:15:50
- Zuletzt bearbeitet 01.04.2025 17:08:43
- Quelle product.security@lge.com
- Teams Watchlist Login
- Unerledigt Login
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lg ≫ Lg Led Assistant Version2.1.65
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 42.36% | 0.973 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| product.security@lge.com | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.