Electronics manufacturer LG patched four vulnerabilities in its webOS 4, 5, 6 and 7 operating systems at the end of March. This was reported by security company Bitdefender. Some of these vulnerabilities allowed webOS TV devices to be controlled remotely.

decent According to researchers at Bitdefender About the following vulnerabilities: CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320. The first vulnerability made it possible to bypass webOS licensing and create a new user account on TVs, researchers write. This worked through a service that runs on network ports 3000 and 3001, which are used to connect to smartphones.

The second vulnerability, CVE-2023-6318, allowed the new user account to gain root access. This made it possible to control the entire TV set. Finally, the vulnerabilities CVE-2023-6319 and CVE-2023-6320 made it possible to… He orders Injection On affected webOS TVs.

Bitdefender notified LG of the vulnerabilities on November 1, 2023. The South Korean electronics manufacturer confirmed the leaks on November 15. On March 22, 2024, an update was released containing a security patch for the leaks. Bitdefender’s findings have only now been published. The vulnerabilities were present in certain versions of webOS 4, 5, 6, and 7. Bitdefender mentions several specific versions and TV models.