April 9, 2024 at 09:45AM
LG webOS smart TVs were found to have multiple security vulnerabilities, allowing unauthorized access and root access to the devices. The flaws, discovered by Bitdefender, included bypassing authorization and gaining elevated permissions. LG released updates to fix the issues impacting various webOS versions. Over 91,000 devices globally were exposed to potential exploitation.
Key points from the meeting notes:
– LG webOS smart televisions have multiple security vulnerabilities disclosed by Bitdefender, with flaws fixed by LG in updates released on March 22, 2024.
– Vulnerabilities tracked from CVE-2023-6317 through CVE-2023-6320 impact various versions of webOS on different LG TV models.
– Description of the vulnerabilities includes bypassing PIN verification, elevating privileges to gain root access, OS command injection, and authenticated command injection.
– Exploiting the flaws could enable elevated permissions to the device and potentially allow threat actors to gain root access or run arbitrary commands.
– Shodan identified over 91,000 devices exposed to the vulnerable service on the Internet, primarily in South Korea, Hong Kong, the U.S., Sweden, Finland, and Latvia.
Overall, LG webOS smart televisions were found to have significant security vulnerabilities that were disclosed by Bitdefender and subsequently addressed by LG. These vulnerabilities present potential security risks and require prompt attention to mitigate the associated threats.