CVE-2018-16946

high-risk

Published 2018-09-12

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.

Do I need to act?

11.0% chance of exploitation in next 30 days

EPSS score — higher than 89% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45394

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (18)

Lnb5110 Firmware

Lnb5320 Firmware

Lnb5320R Firmware

Lnb7210 Firmware

Lnd3230R Firmware

Lnd5110 Firmware

Lnd5110R Firmware

Lnd5220R Firmware

Lnd7210 Firmware

Lnd7210R Firmware

Lnu3230R Firmware

Lnu5110R Firmware

Lnu5320R Firmware

Lnu7210R Firmware

Lnv5110R Firmware

Lnv5320R Firmware

Lnv7210 Firmware

Lnv7210R Firmware

Affected Vendors

References (4)

Exploit https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download

Exploit https://www.exploit-db.com/exploits/45394/

Exploit https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download

Exploit https://www.exploit-db.com/exploits/45394/

/ 100

high-risk

Severity 26/34 · High

Exploitability 11/34 · Low

Exposure 19/34 · Moderate