CVE-2024-2863
MEDIUM EXPLOITED NUCLEILG LED Assistant - Thumbnail Path Traversal File Upload
Title source: nucleiExploitation Summary
CVE-2024-2863 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.
Nuclei Templates (1)
LG LED Assistant - Thumbnail Path Traversal File Upload
HIGHVERIFIEDby beginee
Shodan:
http.title:"LG LED Assistant" OR http.title:"LED Assistant"
References (1)
Core 1
Core References
Vendor Advisory
https://lgsecurity.lge.com/bulletins/idproducts#updateDetails
Scores
CVSS v3
5.3
EPSS
0.6697
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2026-01-14
CWE
CWE-22
CWE-35
Status
published
Products (1)
lg/lg_led_assistant
2.1.65
Published
Mar 25, 2024
Tracked Since
Feb 18, 2026