Details of VAR-201412-0585

ID

VAR-201412-0585

CVE

CVE-2014-7243

TITLE

LG Electronics mobile access routers lack access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2014-000140

DESCRIPTION

LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the device may bypass authentication and obtain information stored on the device. lG provides users with everything from TVs and audio and video to refrigerators, washing machines and air conditioners, vacuum cleaners, to mobile phones and computer accessories. LG Routers have security bypass vulnerabilities that allow an attacker to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Multiple LG Routers are prone to a security-bypass vulnerability. The following products are vulnerable: LG L-09C LG L-03E LG L-04D

Trust: 2.43

sources: NVD: CVE-2014-7243 // JVNDB: JVNDB-2014-000140 // CNVD: CNVD-2014-08714 // BID: 71413

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08714

AFFECTED PRODUCTS

vendor:	lg	model:	l-03e	scope:	eq	version:	-	Trust: 1.6
vendor:	lg	model:	l-09c	scope:	eq	version:	-	Trust: 1.6
vendor:	lg	model:	l-04d	scope:	eq	version:	-	Trust: 1.6
vendor:	lg	model:	l-03e	scope:	-	version:	-	Trust: 0.8
vendor:	lg	model:	l-04d	scope:	-	version:	-	Trust: 0.8
vendor:	lg	model:	l-09c	scope:	-	version:	-	Trust: 0.8
vendor:	lg	model:	l-09c/l-03e/l-04d	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-08714 // JVNDB: JVNDB-2014-000140 // CNNVD: CNNVD-201412-046 // NVD: CVE-2014-7243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-7243
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2014-000140
value:	LOW
Trust: 0.8
CNVD:	CNVD-2014-08714
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201412-046
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2014-7243
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2014-000140
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-08714
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-08714 // JVNDB: JVNDB-2014-000140 // CNNVD: CNNVD-201412-046 // NVD: CVE-2014-7243

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2014-000140 // NVD: CVE-2014-7243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-046

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-046

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-000140

PATCH

title:	Information from NTT DOCOMO, INC.	url:	http://jvn.jp/en/jp/JVN71762315/995312/index.html	Trust: 0.8
title:	Multiple LG Routers security bypass vulnerability patches	url:	https://www.cnvd.org.cn/patchInfo/show/52409	Trust: 0.6

sources: CNVD: CNVD-2014-08714 // JVNDB: JVNDB-2014-000140

EXTERNAL IDS

db:	NVD	id:	CVE-2014-7243	Trust: 3.3
db:	JVN	id:	JVN71762315	Trust: 2.4
db:	JVNDB	id:	JVNDB-2014-000140	Trust: 2.4
db:	BID	id:	71413	Trust: 1.5
db:	CNVD	id:	CNVD-2014-08714	Trust: 0.6
db:	CNNVD	id:	CNNVD-201412-046	Trust: 0.6

sources: CNVD: CNVD-2014-08714 // BID: 71413 // JVNDB: JVNDB-2014-000140 // CNNVD: CNNVD-201412-046 // NVD: CVE-2014-7243

REFERENCES

url:	http://jvn.jp/en/jp/jvn71762315/index.html	Trust: 2.4
url:	http://jvn.jp/en/jp/jvn71762315/995312/index.html	Trust: 1.6
url:	http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000140.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/71413	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7243	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7243	Trust: 0.8
url:	http://www.lge.com/index.do	Trust: 0.3

sources: CNVD: CNVD-2014-08714 // BID: 71413 // JVNDB: JVNDB-2014-000140 // CNNVD: CNNVD-201412-046 // NVD: CVE-2014-7243

CREDITS

Taiga Asano

Trust: 0.9

sources: BID: 71413 // CNNVD: CNNVD-201412-046

SOURCES

db:	CNVD	id:	CNVD-2014-08714
db:	BID	id:	71413
db:	JVNDB	id:	JVNDB-2014-000140
db:	CNNVD	id:	CNNVD-201412-046
db:	NVD	id:	CVE-2014-7243

LAST UPDATE DATE

2025-04-13T23:25:20.466000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08714	date:	2014-12-04T00:00:00
db:	BID	id:	71413	date:	2014-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-000140	date:	2014-12-08T00:00:00
db:	CNNVD	id:	CNNVD-201412-046	date:	2014-12-08T00:00:00
db:	NVD	id:	CVE-2014-7243	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08714	date:	2014-12-04T00:00:00
db:	BID	id:	71413	date:	2014-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-000140	date:	2014-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201412-046	date:	2014-12-03T00:00:00
db:	NVD	id:	CVE-2014-7243	date:	2014-12-05T17:59:00.073