LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Lg
Subscribe
|
Lnb5110
Subscribe
Lnb5110 Firmware
Subscribe
Lnb5320
Subscribe
Lnb5320 Firmware
Subscribe
Lnb5320r
Subscribe
Lnb5320r Firmware
Subscribe
Lnb7210
Subscribe
Lnb7210 Firmware
Subscribe
Lnd3230r
Subscribe
Lnd3230r Firmware
Subscribe
Lnd5110
Subscribe
Lnd5110 Firmware
Subscribe
Lnd5110r
Subscribe
Lnd5110r Firmware
Subscribe
Lnd5220r
Subscribe
Lnd5220r Firmware
Subscribe
Lnd7210
Subscribe
Lnd7210 Firmware
Subscribe
Lnd7210r
Subscribe
Lnd7210r Firmware
Subscribe
Lnu3230r
Subscribe
Lnu3230r Firmware
Subscribe
Lnu5110r
Subscribe
Lnu5110r Firmware
Subscribe
Lnu5320r
Subscribe
Lnu5320r Firmware
Subscribe
Lnu7210r
Subscribe
Lnu7210r Firmware
Subscribe
Lnv5110r
Subscribe
Lnv5110r Firmware
Subscribe
Lnv5320r
Subscribe
Lnv5320r Firmware
Subscribe
Lnv7210
Subscribe
Lnv7210 Firmware
Subscribe
Lnv7210r
Subscribe
Lnv7210r Firmware
Subscribe
|
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T10:39:57.673Z
Reserved: 2018-09-11T00:00:00
Link: CVE-2018-16946
No data.
Status : Modified
Published: 2018-09-12T01:29:00.250
Modified: 2024-11-21T03:53:33.647
Link: CVE-2018-16946
No data.
OpenCVE Enrichment
No data.
Weaknesses