Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.
The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.
The vulnerabilities are tracked from CVE-2023-6317 through CVE-2023-6320 and impact the following versions of webOS –
- webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA
- webOS 5.5.0 – 04.50.51 running on OLED55CXPUA
- webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB
- webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA

A brief description of the shortcomings is as follows –
- CVE-2023-6317 – A vulnerability that allows an attacker to bypass PIN verification and add a privileged user profile to the TV set without requiring user interaction
- CVE-2023-6318 – A vulnerability that allows the attacker to elevate their privileges and gain root access to take control of the device
- CVE-2023-6319 – A vulnerability that allows operating system command injection by manipulating a library named asm responsible for showing music lyrics
- CVE-2023-6320 – A vulnerability that allows for the injection of authenticated commands by manipulating the com.webos.service.connectionmanager/tv/setVlanStaticAddress API endpoint

Successful exploitation of the flaws could allow a threat actor to gain elevated permissions on the device, which, in turn, could be chained with CVE-2023-6318 and CVE-2023-6319 to obtain root access, or with CVE-2023-6320 to run arbitrary commands as the dbus user.

“Although the vulnerable service is intended for LAN access only, Shodan, the search engine for Internet-connected devices, identified over 91,000 devices that expose this service to the Internet,” Bitdefender said. A majority of the devices are located in South Korea, Hong Kong, the U.S., Sweden, Finland, and Latvia.