CVE-2018-16706

HIGH

LG SuperSign CMS - Unauthenticated Denial of Service via /qsr_server/device/reboot Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-16706. PoCs published by Nurdilin.

AI-analyzed exploit summary This PoC exploits CVE-2018-16706, a vulnerability in a TV device's web service allowing unauthenticated reboot via an HTTP GET request to port 9080. The script sends a simple request to trigger the reboot functionality.

Description

LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

Exploits (1)

nomisec WORKING POC 6 stars

by Nurdilin · poc

https://github.com/Nurdilin/CVE-2018-16706

View Code ZIP pw:eip

This PoC exploits CVE-2018-16706, a vulnerability in a TV device's web service allowing unauthenticated reboot via an HTTP GET request to port 9080. The script sends a simple request to trigger the reboot functionality.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Unknown TV device (likely a specific model with web service on port 9080)

No auth needed

Prerequisites: Network access to the target device on port 9080

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html

Scores

CVSS v3 7.5

EPSS 0.2233

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-425

Status published

Products (1)

lg/supersign_cms

Published Sep 14, 2018

Tracked Since Feb 18, 2026