#VU28535 Improper Neutralization of Special Elements in Output Used by a Downstream Component in LG Electronics products - CVE-2020-12753
Published: June 3, 2020
Vulnerability identifier: #VU28535
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2020-12753
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Google Android
LG DH50
LG DH5
LG DH40
LG DH35
LG DH30
LG DH15
LG DH10
LG Q70
LG Q60
LG K50
LG K40
LG K30
LG K20
LG CV7AS
LG CV1S
LG CV7
LG CV5
LG CV3
LG CV1
LG X cam
LG X500
LG X400
LG X300
LG Q8
LG Q6
LG V60
LG V50
LG V40
LG V35
LG V30
LG V20
LG G8
LG G7
LG G6
Google Android
LG DH50
LG DH5
LG DH40
LG DH35
LG DH30
LG DH15
LG DH10
LG Q70
LG Q60
LG K50
LG K40
LG K30
LG K20
LG CV7AS
LG CV1S
LG CV7
LG CV5
LG CV3
LG CV1
LG X cam
LG X500
LG X400
LG X300
LG Q8
LG Q6
LG V60
LG V50
LG V40
LG V35
LG V30
LG V20
LG G8
LG G7
LG G6
Software vendor:
Google
LG Electronics
LG Electronics
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to improper validation of input in the bootloader. A remote attacker can execute arbitrary code on the system.
Note: The LG ID is LVE-SMP-200006
Remediation
Install updates from vendor's website.