CVSS: 9.1EPSS: 37%CPEs: 4EXPL: 1CVE-2023-6319 – Command injection in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service
https://notcve.org/view.php?id=CVE-2023-6319
09 Apr 2024 — A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mul... • https://github.com/illixion/root-my-webos-tv • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6317 – PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction
https://notcve.org/view.php?id=CVE-2023-6317
09 Apr 2024 — A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA Existe una omisión rápida en el servicio secondscreen.gatewa... • https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23727
https://notcve.org/view.php?id=CVE-2022-23727
28 Jan 2022 — There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege Se presenta una vulnerabilidad de escalada de privilegios en algunos televisores webOS. Debido a entornos de configuración erróneos, un atacante local es capaz de llevar a cabo una operación específica para explotar esta vulnerabilidad. Una explotación puede caus... • https://lgsecurity.lge.com/bulletins/tv •