var-201412-0585
Vulnerability from variot
LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the device may bypass authentication and obtain information stored on the device. lG provides users with everything from TVs and audio and video to refrigerators, washing machines and air conditioners, vacuum cleaners, to mobile phones and computer accessories. LG Routers have security bypass vulnerabilities that allow an attacker to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Multiple LG Routers are prone to a security-bypass vulnerability. The following products are vulnerable: LG L-09C LG L-03E LG L-04D
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "l-03e",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-09c",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-04d",
"scope": "eq",
"trust": 1.6,
"vendor": "lg",
"version": null
},
{
"model": "l-03e",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-04d",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-09c",
"scope": null,
"trust": 0.8,
"vendor": "lg",
"version": null
},
{
"model": "l-09c/l-03e/l-04d",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:lg_electronics:l-03e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lg_electronics:l-04d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:lg_electronics:l-09c",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taiga Asano",
"sources": [
{
"db": "BID",
"id": "71413"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.9
},
"cve": "CVE-2014-7243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-7243",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-000140",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-08714",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7243",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-000140",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-08714",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-046",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the device may bypass authentication and obtain information stored on the device. lG provides users with everything from TVs and audio and video to refrigerators, washing machines and air conditioners, vacuum cleaners, to mobile phones and computer accessories. LG Routers have security bypass vulnerabilities that allow an attacker to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Multiple LG Routers are prone to a security-bypass vulnerability. \nThe following products are vulnerable:\nLG L-09C\nLG L-03E\nLG L-04D",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7243"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7243",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN71762315",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140",
"trust": 2.4
},
{
"db": "BID",
"id": "71413",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2014-08714",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"id": "VAR-201412-0585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
}
],
"trust": 1.0547619
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
}
]
},
"last_update_date": "2024-11-23T22:13:33.474000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from NTT DOCOMO, INC.",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/JVN71762315/995312/index.html"
},
{
"title": "Multiple LG Routers security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/52409"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://jvn.jp/en/jp/jvn71762315/index.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/en/jp/jvn71762315/995312/index.html"
},
{
"trust": 1.6,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000140.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71413"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7243"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7243"
},
{
"trust": 0.3,
"url": "http://www.lge.com/index.do"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"db": "BID",
"id": "71413"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71413"
},
{
"date": "2014-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"date": "2014-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"date": "2014-12-05T17:59:00.073000",
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08714"
},
{
"date": "2014-12-02T00:00:00",
"db": "BID",
"id": "71413"
},
{
"date": "2014-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000140"
},
{
"date": "2014-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-046"
},
{
"date": "2024-11-21T02:16:36.043000",
"db": "NVD",
"id": "CVE-2014-7243"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LG Electronics mobile access routers lack access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-046"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…