LG SuperSign CMS allows remote malicious users to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
lg supersign cms 2.5