Home Upgrade Search Memberlist Extras Hacker Tools Award Goals Help Wiki Contact

HF Rulez the UniverseHF Rulez the Universe
Я трахаю жирных сук
LG webOS CVE Alert CVE webOS exploit white hat black hat pentesting vulnerability vulnerabilities

[CVE-Alert] LG webOS - Multiple

Posted May 18, 2024 08:14 PM
[CVE-Alert] LG webOS x4

I was reading this the other week and thought it was extremely interesting.

Quote:Vulnerabilities at a glance
Bitdefender researchers discovered a vulnerability that lets an attacker bypass the authorization mechanism in WebOS versions 4 through 7. By setting a variable, the attacker can add an extra user to the TV set (CVE-2023-6317)
Another vulnerability allows attackers to elevate the access they gained in the first step to root and fully take over the device (CVE-2023-6318)
A third vulnerability (CVE-2023-6319) allows operating system command injection by manipulating a library responsible with showing music lyrics.
The CVE-2023-6320 vulnerability lets an attacker inject authenticated commands by manipulating the com.webos.service.connectionmanager/tv/setVlanStaticAddress API endpoint.

Vulnerable OS versions
webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA
webOS 5.5.0 - 04.50.51 running on OLED55CXPUA
webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA
Disclosure timeline
November 01, 2023: Vendor disclosure
November 15, 2023: Vendor confirms the vulnerabilities.
December 14, 2023: Vendor requests extension
March 22, 2024: Patch release
April 09, 2024: Public release of this report
A technical look into the discovered vulnerabilities
WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by the LG ThinkQ smartphone app to control the TV. To set up the app, the user must enter a PIN code into the display on the TV screen. An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.




I will be posting more of these regularly, stay tuned.