Check Point Reference: |
CPAI-2024-0230 |
Date Published: |
6 May 2024 |
Severity: |
High
|
Last Updated: |
Monday 06 May, 2024 |
Source: |
|
Industry Reference: | CVE-2024-2862
|
Protection Provided by: |
Security Gateway R81, R80, R77, R75 |
Who is Vulnerable? | LG LED Assistant v2.1.65 and prior |
Vulnerability Description |
An unverified password reset vulnerability exists for LG LED Assistant. This vulnerability is due to the design weakness in the API changePw endpoint.Successfully exploiting this vulnerability could result in arbitrary password reset without any verification. |