CVE-2018-16946

Published Sep 12, 2018
Last updated 5 years ago
CVSS high 7.5
Overview

Description: LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-552
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnb5110_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F3DF01-2134-43D7-87C0-3D600A85D861",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnb5110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E22342B8-08FF-4E78-B722-2292A43C99BE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnb5320_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2601E730-7B9E-415E-972D-6D50A4D09329",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnb5320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C687374B-76D0-4E6F-8DB4-DEC20D9E1221"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnb5320r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "493EA638-53EF-450C-B1A0-71137E908060",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnb5320r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B381ADC6-F4BD-4E0A-A4C5-786F9AE40B9D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnb7210_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BAF1B54-A5F6-4BFA-AA07-DBACE39B2DEA",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnb7210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FB57F5EB-B002-4392-A0A9-208AE898C488"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnd3230r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CB1419B-4C0A-468A-A8F0-3A41B8D6DA35",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnd3230r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "564CCD03-C9BC-46A7-BACB-5D3D3B8911DD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnd5110_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9440651F-87BB-435F-B68A-ABF8D58B4A04",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnd5110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6559D3B7-0149-43B6-8301-6CBC54364AAF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnd5110r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95D03DC5-565E-4A33-A036-7922103F196B",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnd5110r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E94BF17C-B5A4-4796-9791-6E7F88EFD60E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnd5220r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7B5E8AB-9481-4B30-8448-0AC30D967183",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnd5220r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "86BAD494-9C6F-4E26-A89F-2755926CED5C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnd7210_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30092646-0B0A-478C-BEEB-93D42E0084D5",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnd7210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F88DB85-352A-4DC0-B083-B7088B6AE6E3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnd7210r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E7ED548-25CF-4931-ACFC-273B58548069",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnd7210r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26294E8B-EF21-428B-A14D-028175BD999E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnu3230r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFF8974F-4C30-4252-902F-BE32D63D987F",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnu3230r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC6F9DE7-06FC-4C86-852B-6BECFBA4AF33"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnu5110r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF29735F-E2E7-465B-AE02-9264AB4D9211",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnu5110r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D02B58B7-76FC-482E-8B1B-BD81F8260466"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnu5320r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "381EAB96-A539-4CDE-B265-858E388C25E6",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnu5320r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B891D187-5C4B-4F99-9DE5-F9155D2987F7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnu7210r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "224853AC-7132-4EAC-87AF-8E9688E8288D",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnu7210r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BA773931-749D-45C5-81C2-8D441D476EE1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnv5110r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CB1A590-5D22-47BB-9B77-72323E3028EE",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnv5110r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C0ADCC02-11E6-4192-BAC8-4967FA897FF7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnv5320r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C00103D4-4692-4C32-B2D3-0C78D41622C3",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnv5320r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "649D72F0-C4E3-43AA-81D8-79C3DAA5A58E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnv7210_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF4BA9A2-E90F-40C7-AEBE-FE088B3703FE",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnv7210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "397213B3-1C58-4DAB-A7C1-6DAF87DC78F3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:lnv7210r_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8B33AFB-2D8A-465A-8D82-BAD9B104E815",
            "versionEndIncluding": "1508190",
            "versionStartIncluding": "1310250"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:lnv7210r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C7B8BF2-44E9-43E9-A311-8958C990E3CE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
