Security News > 2024 > April > Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
2024-04-09 13:05

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.

The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.

The vulnerabilities are tracked from CVE-2023-6317 through CVE-2023-6320.

A brief description of the shortcomings is as follows -

CVE-2023-6317 - A vulnerability that allows an attacker to bypass PIN verification and add a privileged user profile to the TV set without requiring user interaction

CVE-2023-6318 - A vulnerability that allows the attacker to elevate their privileges and gain root access to take control of the device

CVE-2023-6319 - A vulnerability that allows operating system command injection by manipulating a library named asm responsible for showing music lyrics

CVE-2023-6320 - A vulnerability that allows for the injection of authenticated commands by manipulating the com.webos.service.connectionmanager/tv/setVlanStaticAddress API endpoint


News URL

https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-04-09 CVE-2023-6320 Unspecified vulnerability in LG Webos 5.5.0/6.3.3442
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6.
network
low complexity
lg
7.2
7.2
2024-04-09 CVE-2023-6319 Unspecified vulnerability in LG Webos
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7.
network
low complexity
lg
7.2
7.2
2024-04-09 CVE-2023-6318 Unspecified vulnerability in LG Webos 5.5.0/6.3.3442/7.3.143
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7.
network
low complexity
lg
7.2
7.2
2024-04-09 CVE-2023-6317 Unspecified vulnerability in LG Webos
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7.
network
low complexity
lg
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
LG 36 0 6 16 9 31