CVE-2024-2862 CRITICAL

CVE-2024-2862: Password reset vulnerability without authorization on LG LED Assistant

Vendor Lg Electronics
Product LG LED Assistant
Weakness CWE-287 · Improper authentication
Published March 25, 2024
Last update August 28, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.

Key dates

02Disclosure timeline

March 25, 2024 CVE published
August 28, 2024 Record updated