Posts

Showing posts with the label #CyberDudeBivash #LGwebOS #SmartTVVulnerability #CVE2023-6317 #CVE2023-6318 #IoTSecurity #FirmwareUpdate #AuthorizationBypass #RootAccessRisk #ThreatIntel

LG webOS CVEs 6317-6320: How TVs Became IoT Attack Vectors — CyberDudeBivash Threat Analysis Report By CyberDudeBivash

1. Overview

LG’s webOS smart TVs (versions 4 through 7) have been found vulnerable to several critical flaws that allow unauthorized access, privilege escalation, and remote code execution. These vulnerabilities affect a large number of devices, many exposed to the LAN or—even worse—to the public Internet. Attackers can bypass user PIN protections, install privileged accounts, execute commands as root or as privileged system users, and take full control.

2. Key Vulnerabilities (CVE IDs)

| CVE | Vulnerability | Affected OS Versions / Models | Impact / Attack Vector |
|---|---|---|---|
| CVE-2023-6317 | Authorization bypass in secondscreen.gateway: attacker can create privileged account without PIN. | webOS 4.9.7 → 5.x; 6.x; 7.x on specific LG models (OLED55CXPUA, LG43UM7000PLA, etc.) | Attacker only needs LAN access; no user interaction required to create admin user. |
| CVE-2023-6318 | Privilege escalation following unauthorized accoun...