Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16288 | 1 Lg | 1 Supersign Cms | 2023-12-10 | 7.8 HIGH | 8.6 HIGH |
| LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. | |||||
| CVE-2018-16706 | 1 Lg | 1 Supersign Cms | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. | |||||
| CVE-2018-16286 | 1 Lg | 1 Supersign Cms | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. | |||||
| CVE-2018-16287 | 1 Lg | 1 Supersign Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. | |||||
| CVE-2018-17173 | 1 Lg | 1 Supersign Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. | |||||