CVE-2018-16946 — HIGH (7.5)

Q: How severe is CVE-2018-16946?

CVE-2018-16946 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16946?

Check the references section above for vendor advisories and patch information. Affected products include: Lg Lnb5110 Firmware, Lg Lnb5110, Lg Lnb5320 Firmware, Lg Lnb5320, Lg Lnb5320R Firmware.

Vulnerability Description

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lg	Lnb5110 Firmware	>= 1310250, <= 1508190
Lg	Lnb5110	-
Lg	Lnb5320 Firmware	>= 1310250, <= 1508190
Lg	Lnb5320	-
Lg	Lnb5320R Firmware	>= 1310250, <= 1508190
Lg	Lnb5320R	-
Lg	Lnb7210 Firmware	>= 1310250, <= 1508190
Lg	Lnb7210	-
Lg	Lnd3230R Firmware	>= 1310250, <= 1508190
Lg	Lnd3230R	-
Lg	Lnd5110 Firmware	>= 1310250, <= 1508190
Lg	Lnd5110	-
Lg	Lnd5110R Firmware	>= 1310250, <= 1508190
Lg	Lnd5110R	-
Lg	Lnd5220R Firmware	>= 1310250, <= 1508190
Lg	Lnd5220R	-
Lg	Lnd7210 Firmware	>= 1310250, <= 1508190
Lg	Lnd7210	-
Lg	Lnd7210R Firmware	>= 1310250, <= 1508190
Lg	Lnd7210R	-

Related Weaknesses (CWE)

CWE-552

References

https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-DownloadExploitThird Party Advisory
https://www.exploit-db.com/exploits/45394/ExploitThird Party AdvisoryVDB Entry
https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-DownloadExploitThird Party Advisory
https://www.exploit-db.com/exploits/45394/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-16946?

CVE-2018-16946 is a vulnerability with a CVSS score of 7.5 (HIGH). LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via downl...

How severe is CVE-2018-16946?

CVE-2018-16946 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16946?

Check the references section above for vendor advisories and patch information. Affected products include: Lg Lnb5110 Firmware, Lg Lnb5110, Lg Lnb5320 Firmware, Lg Lnb5320, Lg Lnb5320R Firmware.