3 matches found
CVE-2018-16287
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
CVE-2018-16706
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.
CVE-2018-16286
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.