CVE-2025-10204

Vulnerability Description

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.

Related Weaknesses (CWE)

CWE-306

References

https://lgsecurity.lge.com/bulletins

FAQ

What is CVE-2025-10204?

CVE-2025-10204 is a documented vulnerability. A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can man...

How severe is CVE-2025-10204?

CVSS scoring is not yet available for CVE-2025-10204. Check NVD for updates.

Is there a patch for CVE-2025-10204?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.