Intrusion Prevention

LG.Smart.IP.Camera.Unauthenticated.Backup.File.Download

Description

This indicates an attack attempt against an Arbitrary File Download vulnerability in multiple LG Smart IP Camera.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted HTTP request. Via a crafted HTTP request, it allows an unauthenticated remote attacker to download the vulnerable systems backup file that result in disclosure of information which could be used to further compromise the targeted system.

Affected Products

LNB5110 with firmware from version 1310250 to version 1508190
LNB5320 with firmware from version 1310250 to version 1508190
LNB5320R with firmware from version 1310250 to version 1508190
LNB7210 with firmware from version 1310250 to version 1508190
LND3230R with firmware from version 1310250 to version 1508190
LND5110 with firmware from version 1310250 to version 1508190
LND5110R with firmware from version 1310250 to version 1508190
LND5220R with firmware from version 1310250 to version 1508190
LND7210 with firmware from version 1310250 to version 1508190
LND7210R with firmware from version 1310250 to version 1508190
LNU3230R with firmware from version 1310250 to version 1508190
LNU5110R with firmware from version 1310250 to version 1508190
LNU5320R with firmware from version 1310250 to version 1508190
LNU7210R with firmware from version 1310250 to version 1508190
LNV5110R with firmware from version 1310250 to version 1508190
LNV5320R with firmware from version 1310250 to version 1508190
LNV7210 with firmware from version 1310250 to version 1508190
LNV7210R with firmware from version 1310250 to version 1508190

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2018-16946

Other References

45394