CVE-2018-14839

9.8 CRITICAL

📋 TL;DR

CVE-2018-14839 is an unauthenticated remote command execution vulnerability in LG N1A1 NAS devices. Attackers can execute arbitrary commands via HTTP POST requests, potentially gaining full control of affected systems. This affects LG N1A1 NAS devices running vulnerable firmware versions.

💻 Affected Systems

Products:
  • LG N1A1 Network Attached Storage
Versions: Firmware version 3718.510 and likely earlier versions
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as no authentication is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install malware, steal data, pivot to internal networks, or use the device for botnet activities.

🟠 Likely Case

Remote code execution leading to data theft, ransomware deployment, or device takeover for malicious purposes.

🟢 If Mitigated

Limited impact if device is isolated from internet and internal networks with strict access controls.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP without authentication from internet-facing devices.
🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and allows full system compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version after 3718.510 (check LG support for latest)

Vendor Advisory: https://www.lg.com/global/support/security-notice

Restart Required: Yes

Instructions:

1. Back up all data.
2. Download the latest firmware from the LG support site.
3. Log into the NAS web interface.
4. Navigate to the firmware update section.
5. Upload and apply the new firmware.
6. Reboot the device.

🔧 Temporary Workarounds

Network Isolation (all platforms)

Remove device from internet exposure and restrict network access

Firewall Rules (Linux)

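Block HTTP/HTTPS access to the NAS from untrusted networks. As written, the rules below drop all inbound TCP traffic to ports 80 and 443 on the host where they are applied, so place an ACCEPT rule for trusted sources ahead of them if the web interface must stay reachable.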

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Immediately disconnect device from internet and place behind strict firewall
  • Implement network segmentation to isolate NAS from critical systems

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface or via SSH: cat /etc/version

Check Version:

ssh admin@nas-ip 'cat /etc/version' or check web interface System Information

Verify Fix Applied:

Verify that the firmware version is newer than 3718.510 and confirm that HTTP POST requests to the vulnerable endpoints return errors.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to NAS web interface
  • Command execution patterns in system logs
  • Unexpected process creation

Network Indicators:

  • HTTP POST requests with command injection patterns to NAS port 80/443
  • Outbound connections from NAS to suspicious IPs

SIEM Query:

source="nas-logs" AND (http_method="POST" AND (uri="*cgi*" OR uri="*command*" OR uri="*exec*"))
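
The log indicators and SIEM query above, expressed as a small access-log scanner. This is an added example, not part of the original advisory: it assumes Common Log Format access logs and a hypothetical trusted management subnet (192.168.10.0/24), and the sample lines and URIs are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: the NAS web server (or a proxy in front of it) writes Common Log
# Format lines; the advisory does not state the device's log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
# URI substrings taken from the SIEM query above: *cgi*, *command*, *exec*.
URI_TOKENS = ("cgi", "command", "exec")
# Assumption: hypothetical management subnet allowed to reach the NAS UI.
TRUSTED = ipaddress.ip_network("192.168.10.0/24")

def scan(lines, trusted=TRUSTED):
    """Return (hits, per_source_count) for POSTs matching the SIEM query."""
    hits, per_src = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Decode percent-encoding and lowercase so "%63gi" or "CGI" still match.
        uri = unquote(m["uri"]).lower()
        if not any(tok in uri for tok in URI_TOKENS):
            continue
        try:
            outside = ipaddress.ip_address(m["src"]) not in trusted
        except ValueError:  # hostname instead of an IP: treat as untrusted
            outside = True
        hits.append({"src": m["src"], "ts": m["ts"], "uri": m["uri"],
                     "status": int(m["status"]),
                     "severity": "high" if outside else "review"})
        per_src[m["src"]] += 1
    return hits, per_src

# Constructed sample lines (not real traffic); URIs are made-up placeholders.
SAMPLE = [
    '192.168.10.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.10.5 - - [01/Jan/2024:10:00:05 +0000] "POST /example.cgi HTTP/1.1" 200 128',
    '203.0.113.7 - - [01/Jan/2024:10:01:00 +0000] "POST /example/%63gi-bin/x HTTP/1.1" 200 64',
    '203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "POST /upload HTTP/1.1" 404 0',
    'garbled line that does not parse',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE)[0]:
        print(hit)
```

POSTs from inside the trusted subnet are marked "review" rather than dropped, since the advisory rates internal-only exposure as HIGH as well.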
