LG LED Assistant 安全漏洞

LG LED Assistant is a software from Luckin LG Korea. It is used to set up LED lights. A security vulnerability exists in LG LED Assistant. A remote attacker could exploit the vulnerability to traverse a path by uploading a file...

LG LED Assistant 授权问题漏洞

LG LED Assistant is a software from Luckin LG Korea. It is used to set up LED lights. A security vulnerability exists in LG LED Assistant. A remote attacker could exploit the vulnerability to reset an anonymous user's password...

PT-2024-22498

Name of the Vulnerable Software and Affected Versions LG LED Assistant affected versions not specified Description This issue allows remote attackers to traverse paths via file upload on the affected system. Recommendations At the moment, there is no information about a newer version that contain...

LG LED Assistant Detection

Binary data lgledassistantdetect.nbin...

LG LED Assistant Path Traversal (CVE-2023-4613)

Binary data lgledassistantcve-2023-4613.nbin...

CVE-2023-4614

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...

CVE-2023-4615

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...

CVE-2023-4616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

CVE-2023-4615

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...

CVE-2023-4616 thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

CVE-2023-4616

CVE-2023-4616 concerns a path traversal in LG LED Assistant’s /api/thumbnail endpoint. The vulnerability stems from insufficient validation of a user-supplied path before performing file operations, enabling an unauthenticated attacker to read sensitive information in the context of the current u...

CVE-2023-4615 updateFile Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...

CVE-2023-4615 updateFile Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...

CVE-2023-4615

CVE-2023-4615 affects LG LED Assistant. Root cause: missing validation of a user-supplied path in /api/download/updateFile, enabling directory traversal. Impact: unauthenticated remote disclosure of sensitive information in the current user context over the network. Affected product: LG LED Assis...

CVE-2023-4614 setThumbnailRC Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...

CVE-2023-4614

LG LED Assistant is affected by CVE-2023-4614 due to a path traversal flaw in the /api/installation/setThumbnailRc endpoint, caused by insufficient validation of a user-supplied path. This unauthenticated vulnerability can be leveraged to access files in the current user context; some sources des...

CVE-2023-4613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

CVE-2023-4613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...