CVE-2024-2863
Published 2024-03-25
Priority: P1 90 · critical · CVSS 3.1: 9.8
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Badges: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 66.97% (99.2th percentile)
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lg | lg_led_assistant | — | — |
| lg_electronics | lg_led_assistant | — | — |
Detection & IOCs (extracted from sources)
sigma
shodan-query: 'http.title:"LG LED Assistant" OR http.title:"LED Assistant"'
- Monitor for unauthenticated POST requests to /api/thumbnail containing path traversal sequences (e.g., '../') in the 'fileName' parameter, indicating an attempt to write files outside the intended directory.
- The Nuclei template uses target_filename '/../../../../../../Users/Public/poc_test.txt' and target_fileStr 'bWFsaWNpb3VzIGNvbnRlbnQ%3d' as the POST body to /api/thumbnail; watch for these patterns in web logs.
- The vulnerability requires no authentication (PR:N, UI:N); any source IP can exploit it. Prioritize blocking or alerting on external access to /api/thumbnail on port 8787.
- The affected product is LG LED Assistant v2.1.65 specifically; no patch or vendor mitigation was available at time of disclosure.
- At time of writing, no vendor patch or recommended mitigation exists for this vulnerability.
- The vulnerable endpoint handler is located in Common.js; the traversal occurs via the 'fileName' POST parameter, which is not sanitized before use in file write operations.
CVSS provenance
NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 5.3 MEDIUM
GHSA
GHSA-v728-2v4r-c686: This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant
ghsa_unreviewed · 2024-03-25 · MEDIUM · CWE-22
VulnCheck
LG lg_led_assistant Path Traversal: '.../...//'
vulncheck · 2024 · CVSS 5.3 · MEDIUM
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.
Affected: LG lg_led_assistant
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2024-2863
No detection rules found.
Nuclei
LG LED Assistant - Thumbnail Path Traversal File Upload
nuclei · CVSS 9.8 · CRITICAL
A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed.
Template:
id: CVE-2024-2863
info:
  name: LG LED Assistant - Thumbnail Path Traversal File Upload
  author: beginee
  severity: high
  description: |
    A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed.
  reference:
    - https://www.tenable.com/security/research/tra-2024-08
    - https://nvd.nist.gov/vuln/detail/CVE-2024-2863
clas