This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: LGE
Published: 2023-09-04T10:33:28.596Z
Updated: 2024-08-02T07:31:06.627Z
Reserved: 2023-08-30T08:06:51.973Z
Link: CVE-2023-4614
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-04T11:15:41.560
Modified: 2023-09-08T14:14:50.043
Link: CVE-2023-4614
Redhat
No data.