VAR-201412-0585
Vulnerability from variot - Updated: 2023-12-18 13:44LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the device may bypass authentication and obtain information stored on the device. lG provides users with everything from TVs and audio and video to refrigerators, washing machines and air conditioners, vacuum cleaners, to mobile phones and computer accessories. LG Routers have security bypass vulnerabilities that allow an attacker to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Multiple LG Routers are prone to a security-bypass vulnerability. The following products are vulnerable: LG L-09C LG L-03E LG L-04D
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "l-09c",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-03e",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-04d",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-03e",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-04d",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-09c",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-09c/l-03e/l-04d",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lg:l-04d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lg:l-09c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lg:l-03e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taiga Asano",
"sources": [
{
"db": "BID",
"id": "71413"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.9
},
"cve": "CVE-2014-7243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-000140",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-08714",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-7243",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-000140",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-08714",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-046",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the device may bypass authentication and obtain information stored on the device. lG provides users with everything from TVs and audio and video to refrigerators, washing machines and air conditioners, vacuum cleaners, to mobile phones and computer accessories. LG Routers have security bypass vulnerabilities that allow an attacker to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Multiple LG Routers are prone to a security-bypass vulnerability. \nThe following products are vulnerable:\nLG L-09C\nLG L-03E\nLG L-04D",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7243",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN71762315",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140",
"trust": 2.4
},
{
"db": "BID",
"id": "71413",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2014-08714",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
]
},
"id": "VAR-201412-0585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
}
],
"trust": 1.0547619
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
}
]
},
"last_update_date": "2023-12-18T13:44:22.208000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from NTT DOCOMO, INC.",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn71762315/995312/index.html"
},
{
"title": "Multiple LG Routers security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52409"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://jvn.jp/en/jp/jvn71762315/index.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/en/jp/jvn71762315/995312/index.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000140.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71413"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7243"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7243"
},
{
"trust": 0.3,
"url": "http://www.lge.com/index.do"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71413"
},
{
"date": "2014-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"date": "2014-12-05T17:59:00.073000",
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"date": "2014-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71413"
},
{
"date": "2014-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"date": "2015-10-28T18:11:30.340000",
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"date": "2014-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Electronics mobile access routers lack access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…