CVE-2025-10204

HIGH EXPLOITED NUCLEI

AC Smart II - Auth Bypass

Title source: llm

Description

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.

Nuclei Templates (1)

AC Smart II - Authentication Bypass

HIGHVERIFIEDby theeldruin

Shodan: html:"Doc/WebLogin.asp"

FOFA: body="Doc/WebLogin.asp"

References (1)

[Various Sources] https://lgsecurity.lge.com/bulletins

Scores

CVSS v4 7.1

EPSS 0.0235

EPSS Percentile 84.9%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Details

VulnCheck KEV 2025-12-31

CWE

CWE-306

Status published

Products (1)

LG Electronics/AC Smart II 2.1.9

Published Sep 14, 2025

Tracked Since Feb 18, 2026