CVE-2019-20778

CRITICAL

LG Android 7.0-9.0 - Improper Input Validation in Backup Subsystem

Title source: llm
STIX 2.1

Description

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Backup subsystem does not properly restrict operations or validate their input. The LG ID is LVE-SMP-190004 (June 2019).

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://lgsecurity.lge.com/

Scores

CVSS v3 9.8
EPSS 0.0044
EPSS Percentile 35.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (6)
google/android 7.0
google/android 7.1
google/android 7.2
google/android 8.0
google/android 8.1
google/android 9.0
Published Apr 17, 2020
Tracked Since Feb 18, 2026