3 matches found
CVE-2023-4615
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...
CVE-2023-4615 updateFile Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...
CVE-2023-4615
CVE-2023-4615 affects LG LED Assistant. Root cause: missing validation of a user-supplied path in /api/download/updateFile, enabling directory traversal. Impact: unauthenticated remote disclosure of sensitive information in the current user context over the network. Affected product: LG LED Assis...