Security News > 2024 > April > Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.
The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.
The vulnerabilities are tracked from CVE-2023-6317 through CVE-2023-6320.
A brief description of the shortcomings is as follows -
CVE-2023-6317 - A vulnerability that allows an attacker to bypass PIN verification and add a privileged user profile to the TV set without requiring user interaction
CVE-2023-6318 - A vulnerability that allows the attacker to elevate their privileges and gain root access to take control of the device
CVE-2023-6319 - A vulnerability that allows operating system command injection by manipulating a library named asm responsible for showing music lyrics
CVE-2023-6320 - A vulnerability that allows for the injection of authenticated commands by manipulating the com.webos.service.connectionmanager/tv/setVlanStaticAddress API endpoint
News URL
https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html
Related news
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- Smart TVs are spying on everyone (source)
- Critical Kubernetes Image Builder flaw gives SSH root access to VMs (source)
- Critical default credential in Kubernetes Image Builder allows SSH root access (source)
- Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (source)
- Researchers Uncover Vulnerabilities in Open-Source AI and ML Models (source)