LG AC Smart II Unauthorized Password Change Vulnerability

Vulnerability

A vulnerability exists in LG AC Smart II that allows for unauthorized password changes. The issue arises from a hidden form on the password reset page for administrators. Attackers can use developer tools to reveal and interact with this form, changing the administrator password without any login verification or consideration of user permissions.

Impact

Exploitation of this vulnerability allows for unauthorized changes to the administrator password, potentially leading to unauthorized administrative access.

Added: Sep 14, 2025, 1:20 PM

Updated: Sep 14, 2025, 1:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LG AC Smart II Unauthorized Password Change Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating