April 10, 2024 at 08:30AM
Bitdefender researchers found four vulnerabilities in LG TVs running WebOS versions 4 through 7. These flaws, including CVE-2023-6317 and CVE-2023-6318, could be exploited to gain unauthorized access and take control of the device. LG released patches in March 2024, but many internet-exposed instances are still vulnerable, particularly in South Korea.
The vulnerabilities, identified by cybersecurity firm Bitdefender, affect LG TVs powered by the WebOS operating system and could enable remote hacking and unauthorized access to the targeted TVs. They include the ability to bypass authorization and add a new user, elevate privileges to gain full control, and inject arbitrary commands.
Exploitation could have serious implications, such as dropping malware, snooping on network traffic, and use of the compromised TVs in cybercrime operations. Additionally, a significant number of internet-exposed instances of the vulnerable service have been identified, particularly in South Korea, Hong Kong, the United States, Sweden, and Finland. LG was informed of these vulnerabilities in November 2023 and released patches in March 2024. Although the TVs have an automatic update feature, LG has not published an advisory for these flaws.
Users should ensure that their LG TVs running WebOS have the provided patches installed to mitigate the risks associated with these vulnerabilities.