CVE-2020-9759

MEDIUM

LG Webos - Download Without Integrity Check

Title source: rule

Description

A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.

References (2)

[Exploit, Third Party Advisory] https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html

[Mailing List, Not Applicable, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html

Scores

CVSS v3 4.6

EPSS 0.0016

EPSS Percentile 36.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-494

Status published

Products (1)

lg/webos

Published Mar 23, 2020

Tracked Since Feb 18, 2026