← back
CVE-2018-14839

CVE-2018-14839

CVSS 9.8 CRITICALEPSS 89.4%● KEVCWE-78
In short

An LG NAS device running firmware 3718.510 allows attackers to run arbitrary code remotely by sending specially crafted HTTP POST requests. This is critical because it gives complete control of the device to anyone with network access.

Technical detail

CWE-78 command injection vulnerability in LG N1A1 NAS 3718.510 accessible via HTTP POST parameters without proper input validation or sanitization. Unauthenticated remote attackers can execute arbitrary system commands, achieving full device compromise with no user interaction required.

Summary generated and translated by AI from the official description.
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://medium.com/%400x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14839