9.8
CVE-2024-2862
- EPSS 42.36%
- Published 25.03.2024 07:15:50
- Last modified 01.04.2025 17:08:43
- Source product.security@lge.com
- Teams watchlist Login
- Open Login
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
Data is provided by the National Vulnerability Database (NVD)
Lg ≫ Lg Led Assistant Version2.1.65
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 42.36% | 0.973 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| product.security@lge.com | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.