How severe is CVE-2018-16946?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-16946?

This is classified as CWE-552, which is a common weakness in software security.

CVE-2018-16946 - HIGH Severity | CVSS 7.5

Vulnerability Description

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password.

Related Vulnerabilities

CVE-2017-11746

HIGH

CVSS:7.5(High)

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tensh...

CWE-5522017

CVE-2017-12079

HIGH

CVSS:7.5(High)

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via pr...

CWE-5522017

CVE-2017-2551

HIGH

CVSS:7.5(High)

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.

CWE-5522017

CVE-2018-10863

HIGH

CVSS:7.5(High)

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An un...

CWE-5522018

CVE-2018-10869

HIGH

CVSS:7.5(High)

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

CWE-5522018

CVE-2018-5112

HIGH

CVSS:7.5(High)

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could a...

CWE-5522018