Bitdefender researchers have discovered four vulnerabilities in LG webOS, the operating system for several of its models smart television line.
According to the researchersAlthough the now vulnerable LG webOS service is expected to be used in local networks, scans show that there are reportedly around 91,000 exposed devices vulnerable to the bugs.
Insects are a mix of command the injection, increase in privilegesAND work around vulnerabilities and are tracked as CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320. For example, CVE-2023-6317 may allow an attacker to add an additional user to the TV, and CVE-2023-6318 may allow a user to use the “access gained in the first step to root and fully take over the device control.”
Affects webOS 4.9.7-5.30.40 running on LG43UM7000PLA, webOS 5.5.0-04.50.51 running on OLED55CXPUA, webOS 6.3.3-442 (kisscurl-kinglake)-03.36.50 running on OLED48C1PUB, and webOS 7.3 .1 -43 (mullet-mebin)-03.33.85 running on OLED55A23LA.
The researchers reported their findings to LG in November 2023, but the vendor only released security updates last month. Interested users those who were not notified of the vulnerabilities or updates to fix them should go to the TV’s “Settings,” then “Support” and “Software Update,” then click “Check for Updates.”