CVE-2018-14839
CVE-2018-14839
Vexday Risk Score
80High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 9.8EPSS 89.4%KEV simPoC —Patch —
Lifecycle
14 May 2019Published on NVD
25 Mar 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
An LG NAS device running firmware 3718.510 allows attackers to run arbitrary code remotely by sending specially crafted HTTP POST requests. This is critical because it gives complete control of the device to anyone with network access.
Technical detail
CWE-78 command injection vulnerability in LG N1A1 NAS 3718.510 accessible via HTTP POST parameters without proper input validation or sanitization. Unauthenticated remote attackers can execute arbitrary system commands, achieving full device compromise with no user interaction required.
Summary generated and translated by AI from the official description.
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →