Unauth Admin Reset Password on AC Smart II_CVE-2025-10204

7.1 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.

Basic Information

ID CVE-2025-10204

Source LGE

Published Sep 14, 2025 at 12:43

Affected Product

Vendor LG Electronics

Product AC Smart II

Version 2.1.9

Affected Versions LG Electronics AC Smart II 2.1.9

CWE Classification

CWE-306

References

lgsecurity.lge.com /bulletins

{
    "lastseen": "",
    "description": "A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization.\u00a0This page contains a hidden form for resetting the administrator password.\u00a0The attacker can manipulate the page using developer tools to display and use the form.\u00a0This form allows you to change the administrator password without verifying login status or user permissions.",
    "published": "2025-09-14T12:43:30.393Z",
    "modified": "2025-09-14T12:43:30.393Z",
    "type": "cve",
    "title": "Unauth Admin Reset Password on AC Smart II",
    "source": "LGE",
    "references": "https://lgsecurity.lge.com/bulletins",
    "id": "CVE-2025-10204",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "LG Electronics AC Smart II 2.1.9",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC Smart II",
    "version": "2.1.9",
    "vendor": "LG Electronics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}