LG TVs at Risk of Security Vulnerabilities

A recent study conducted by Bitdefender has revealed a potential security threat associated with LG TVs, specifically those running on the LG WebOS TV operating system versions 4 through 7. These TVs are susceptible to security vulnerabilities that could be exploited by cybercriminals to gain unauthorized access and conduct surveillance on users.

One of the critical vulnerabilities identified, tracked as CVE-2023-6317, allows hackers to bypass the TV’s authorization mechanisms and add themselves as a user on the device. Subsequently, by leveraging another vulnerability, tracked as CVE-2023-6318, attackers can gain complete control over the TV, opening the door for the execution of command injections.

Moreover, by exploiting additional vulnerabilities designated as CVE-2023-6319 and CVE-2023-6320, threat actors can manipulate a music lyrics library to facilitate OS command injections or manipulate a specific API endpoint to inject authenticated commands, further compromising the device’s security.

The affected LG TV models include LG43UM7000PLA running webOS 4.9.7 – 5.30.40, OLED55CXPUA running webOS 5.5.0 – 04.50.51, OLED48C1PUB running webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50, and OLED55A23LA running webOS 7.3.1-43 (mullet-mebin) – 03.33.85. A patch has been released to address these vulnerabilities, with availability for the affected models starting from April 10. Users are advised to check the OS system version of their LG TVs to ensure that the patch has been successfully installed, mitigating the risk of exploitation.