More than 90,000 LG smart TVs are at risk of remote attack through vulnerabilities in WebOS
Four vulnerabilities in the WebOS operating system running on LG smart TVs have been discovered by Bitdefender security researchers.
By exploiting these vulnerabilities, hackers can gain varying degrees of unauthorized access to and control over the affected TV.
Hackers could exploit these vulnerabilities by abusing a service running on ports 3000/3001, which is used to connect smartphones to the TV with a PIN, to create arbitrary accounts on the device.
The four vulnerabilities in LG's smart TVs identified by the research team are:
- CVE-2023-6317: Allows attackers to bypass the TV's permission mechanism and add users without user consent.
- CVE-2023-6318: Helps hackers gain root access after exploiting CVE-2023-6317.
- CVE-2023-6319: Command injection into the operating system and arbitrary command execution.
- CVE-2023-6320: Exploits the API to execute commands as the dbus user, whose permissions are similar to root.
According to Bitdefender, about 91,000 LG devices are affected by the vulnerabilities. Affected versions include:
- WebOS 4.9.7 - 5.30.40 running on TV series 43UM7000PLA
- WebOS 04.50.51 - 5.5.0 on OLED55CXPUA TV.
- WebOS 0.36.50 - 6.3.3-442 on OLED48C1PUB.
- WebOS 03.33.85 - 7.3.1-43 on OLED48C1PUB, OLED55A23LA.
Bitdefender said it notified LG after discovering the vulnerabilities late last year. However, it wasn't until the end of March that LG released the first update to fix the problem. To install it, users can go to Settings > Support > Software Update > Check for updates.
LG has not yet commented.
According to Bleeping Computer, bad guys can use security issues on TVs as a foothold to attack other devices connected to the same network, steal online accounts, build botnets (ghost computer networks) for distributed denial-of-service (DDoS) attacks, or silently install cryptocurrency mining software.
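The service on ports 3000/3001 exists to pair a smartphone with the TV, so TCP connections to it from addresses outside the local network are worth flagging. The following is an added example, not code from the article, Bitdefender or LG: it filters firewall log lines for such connections, assuming the router logs forwarded packets in the Linux netfilter LOG key=value style. The TV address and the log lines are constructed.

```python
import ipaddress
import re

# Ports of the WebOS smartphone-pairing service named in the article.
WEBOS_PORTS = {3000, 3001}
# Sources treated as "inside": RFC 1918 ranges plus loopback (assumption for a home/office LAN).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Key=value fields as written by the netfilter LOG target.
FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample log lines (simplified); 192.168.1.50 stands in for the TV.
SAMPLE_LOG = [
    "kernel: FWD IN=wan0 OUT=br0 SRC=198.51.100.23 DST=192.168.1.50 PROTO=TCP SPT=51544 DPT=3000 SYN",
    "kernel: FWD IN=br0 OUT=br0 SRC=192.168.1.20 DST=192.168.1.50 PROTO=TCP SPT=40112 DPT=3001 SYN",
    "kernel: FWD IN=wan0 OUT=br0 SRC=203.0.113.9 DST=192.168.1.50 PROTO=TCP SPT=50210 DPT=3001 SYN",
    "kernel: FWD IN=wan0 OUT=br0 SRC=203.0.113.9 DST=192.168.1.60 PROTO=TCP SPT=50211 DPT=3000 SYN",
    "kernel: FWD IN=wan0 OUT=br0 SRC=203.0.113.9 DST=192.168.1.50 PROTO=UDP SPT=50212 DPT=3000",
    "kernel: FWD IN=wan0 OUT=br0 SRC=not-an-ip DST=192.168.1.50 PROTO=TCP SPT=1 DPT=3000",
]


def is_lan(addr):
    """True if addr falls inside one of the LAN_NETS ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)


def external_pairing_hits(lines, tv_addrs):
    """Return (src, dst, dport) for TCP packets to a TV's port 3000/3001 from a non-LAN source."""
    tvs = {ipaddress.ip_address(a) for a in tv_addrs}
    hits = []
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not f.keys() >= {"SRC", "DST", "DPT"}:
            continue
        try:
            src, dst, dport = f["SRC"], ipaddress.ip_address(f["DST"]), int(f["DPT"])
            external = not is_lan(src)
        except ValueError:
            continue  # malformed address or port: skip the line
        if dst in tvs and dport in WEBOS_PORTS and external:
            hits.append((src, str(dst), dport))
    return hits


if __name__ == "__main__":
    for hit in external_pairing_hits(SAMPLE_LOG, ["192.168.1.50"]):
        print("external connection to TV pairing service:", hit)
```

Any hit means the TV's pairing service is reachable from outside the LAN; the port forward or exposure that allows it should be removed in addition to installing LG's update.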