Webos

webos

Vendor: Lg • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-6320 1Lg 1Webos Feb 7, 2025 Apr 9, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the...Show more A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB Show less
CVE-2023-6319 1Lg 1Webos Feb 7, 2025 Apr 9, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command e...Show more A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA Show less
CVE-2023-6318 1Lg 1Webos Feb 7, 2025 Apr 9, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execut...Show more A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA Show less
CVE-2023-6317 1Lg 1Webos Feb 7, 2025 Apr 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models aff...Show more A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA Show less
CVE-2022-23731 1Lg 1Webos Nov 21, 2024 Mar 11, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.
CVE-2022-23730 1Lg 1Webos Nov 21, 2024 Mar 11, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The public API error causes for the attacker to be able to bypass API access control.
CVE-2022-23727 1Lg 1Webos Nov 21, 2024 Jan 28, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker...Show more There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilegeShow less
CVE-2020-9759 1Lg 1Webos Nov 21, 2024 Mar 23, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulne...Show more A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.Show less