{"api_version":"1","generated_at":"2026-04-23T14:23:46+00:00","cve":"CVE-2020-9759","urls":{"html":"https://cve.report/CVE-2020-9759","api":"https://cve.report/api/cve/CVE-2020-9759.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-9759","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-9759"},"summary":{"title":"CVE-2020-9759","description":"A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-03-23 16:15:00","updated_at":"2022-04-22 19:05:00"},"problem_types":["CWE-494"],"metrics":[],"references":[{"url":"https://github.com/weechat/weechat/commit/9904cb6d2eb40f679d8ff6557c22d53a3e3dc75a","name":"https://github.com/weechat/weechat/commit/9904cb6d2eb40f679d8ff6557c22d53a3e3dc75a","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"irc: fix crash when receiving a malformed message 352 (who) · weechat/weechat@9904cb6 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html","name":"[debian-lts-announce] 20200324 [SECURITY] [DLA 2157-1] weechat security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2157-1] weechat security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html","name":"https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html","refsource":"CONFIRM","tags":[],"title":"CVE-2020-XXXXX - Getting root on webOS · The Recurity Lablog","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html","name":"[debian-lts-announce] 20210930 [SECURITY] [DLA 2770-1] weechat security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2770-1] weechat security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202003-51","name":"GLSA-202003-51","refsource":"GENTOO","tags":[],"title":"WeeChat: Multiple vulnerabilities (GLSA 202003-51) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://weechat.org/doc/security/","name":"https://weechat.org/doc/security/","refsource":"MISC","tags":["Vendor Advisory"],"title":"WeeChat :: documentation :: security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-9759","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9759","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"9759","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"lg","cpe5":"webos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9759","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"weechat","cpe5":"weechat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9759","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"weechat","cpe5":"weechat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-9759","qid":"178850","title":"Debian Security Update for weechat (DLA 2770-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_PUBLIC":"2020-10-08T02:19:00.000Z","ID":"CVE-2020-9759","STATE":"PUBLIC","TITLE":"webOS TV Emulator privilege escalation vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4.6,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html","url":"https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210930 [SECURITY] [DLA 2770-1] weechat security update","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2020-03-23 16:15:00","lastModifiedDate":"2022-04-22 19:05:00","problem_types":["CWE-494"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:lg:webos:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"9759","Ordinal":"170155","Title":"CVE-2020-9759","CVE":"CVE-2020-9759","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"9759","Ordinal":"1","NoteData":"A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"9759","Ordinal":"2","NoteData":"2020-03-23","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"9759","Ordinal":"3","NoteData":"2021-09-30","Type":"Other","Title":"Modified"}]}}}