Vulnerabilities in LG’s WebOS / LG SmartTV
Security researchers from Bitdefender have identified multiple vulnerabilities in LG’s WebOS, affecting various models of the company’s smart TVs. These vulnerabilities, if exploited, could allow attackers to gain unauthorized root access to the devices.
Affected Versions and Models:
📌The vulnerabilities impact LG TVs running WebOS versions 4.9.7 to 7.3.1 across models such as LG43UM7000PLA, OLED55CXPUA, OLED48C1PUB, and OLED55A23LA
Specific Vulnerabilities:
📌CVE-2023-6317: Allows attackers to bypass PIN verification and add a privileged user profile without user interaction
📌CVE-2023-6318: Enables attackers to elevate their privileges and gain root access
📌CVE-2023-6319: Permits operating system command injection by manipulating a library for displaying music lyrics
📌CVE-2023-6320: Allows for the injection of authenticated commands by exploiting the com.webos.service.connectionmanager/tv/setVlanStaticAddress API endpoint
Discovery and Reporting:
📌These vulnerabilities were discovered by Bitdefender in November 2023 and reported to LG, which subsequently released patches on March 22, 2024
Scope of Impact:
📌Over 91,000 devices have been identified as potentially vulnerable. These devices are primarily located in South Korea, Hong Kong, the US, Sweden, and Finland
Mitigation and User Action:
📌LG has released patches for these vulnerabilities, which are available through the TV’s settings menu under Software Update
📌Users are advised to enable automatic software updates to ensure their devices receive the latest security patches
Potential Risks:
📌If exploited, these vulnerabilities could allow attackers to take control of the TV, access sensitive user data, and potentially use the compromised device as part of a botnet or for other malicious activities
Security Recommendations:
📌Besides applying the latest firmware updates, users should use strong, unique passwords for their devices and secure their Wi-Fi networks to further reduce the risk of exploitation
Vkontakte
Twitter
Одноклассники
