LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request.
https://exchange.xforce.ibmcloud.com/vulnerabilities/100733
http://www.securityfocus.com/bid/72544
http://www.securityfocus.com/bid/72535
http://www.securityfocus.com/archive/1/534643/100/0/threaded