← Back to CVEs
CVE-2025-10204
N/ADescription
A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.
CVE Details
CVSS v3.1 ScoreN/A
Published9/14/2025
Last Modified9/15/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-306
References
https://lgsecurity.lge.com/bulletins(product.security@lge.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.