Cybersecurity researchers at Bitdefender have uncovered four vulnerabilities affecting LG TVs powered by WebOS versions 4 through 7, potentially enabling remote hackers to compromise the devices. One of the flaws, CVE-2023-6317, allows unauthorized users to add new accounts to the TV, while CVE-2023-6318 enables privilege escalation to gain root access. Additionally, CVE-2023-6319 and CVE-2023-6320 permit arbitrary command injection, opening avenues for malware deployment and network intrusion. Although the vulnerable service is typically accessible only within local networks, approximately 90,000 instances are exposed on the internet, posing a significant risk. LG was notified of the vulnerabilities in November 2023 and issued patches in March 2024, but no formal advisory has been published. However, LG TVs with WebOS feature automatic updates, potentially mitigating the threat for many users.
Read more: https://www.securityweek.com/thousands-of-lg-tvs-possibly-exposed-to-remote-hacking/