LG CVE-2024-2862 Scanner is a security scanning tool designed to detect an unauthenticated password reset vulnerability in LG LED Assistant software. The vulnerability exists in the /api/changePw endpoint where attackers can exploit inadequate validation of the X-Forwarded-For header by spoofing it with 127.0.0.1 to mimic localhost requests. The scanner tests domains, subdomains, and IPv4 addresses for the presence of this critical vulnerability. When the vulnerability is present, attackers can initiate password resets without prior authentication, potentially leading to account takeovers and unauthorized access to systems managing LED displays and digital signage. The tool performs single scans that complete in approximately 10 seconds and can be used by asset owners to identify vulnerable installations. The vulnerability affects LG LED Assistant software commonly deployed in advertising, public display management, and digital signage sectors where organizations manage LED screens and displays. The scanner checks for the specific flaw that allows manipulation of HTTP request headers to bypass authentication controls, enabling unauthorized password changes. This vulnerability poses risks to system integrity, user accounts, and could enable further attacks such as data breaches or privilege escalation within affected environments.