LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html