CVE-2023-6317

🗓️ 09 Apr 2024 13:41:34Reported by BitdefenderType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 70 Views

A prompt bypass vulnerability in webOS versions 4 through 7 allows an attacker to create a privileged account without requiring the security PIN

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-6317	10 Apr 202413:20	–	circl
CNNVD	LG webOS 安全漏洞	9 Apr 202400:00	–	cnnvd
Cvelist	CVE-2023-6317 PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction	9 Apr 202413:41	–	cvelist
EUVD	EUVD-2023-58559	3 Oct 202520:07	–	euvd
NVD	CVE-2023-6317	9 Apr 202414:15	–	nvd
OSV	CVE-2023-6317	9 Apr 202414:15	–	osv
Positive Technologies	PT-2023-9038	1 Nov 202300:00	–	ptsecurity
The Hacker News	Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access	9 Apr 202413:05	–	thn
Vulnrichment	CVE-2023-6317 PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction	9 Apr 202413:41	–	vulnrichment

NVD

Node

lg webosMatch4.9.7

AND

lg lg43um7000plaMatch-

Node

lg webosMatch5.5.0

AND

lg oled55cxpuaMatch-

Node

lg webosMatch6.3.3-442

AND

lg oled48c1pubMatch-

Node

lg webosMatch7.3.1-43

AND

lg oled55a23laMatch-

[
  {
    "defaultStatus": "unaffected",
    "product": "WebOS",
    "vendor": "LG",
    "versions": [
      {
        "status": "affected",
        "version": " 4.9.7"
      },
      {
        "status": "affected",
        "version": "5.5.0"
      },
      {
        "status": "affected",
        "version": "6.3.3-442"
      },
      {
        "status": "affected",
        "version": "7.3.1-43"
      }
    ]
  }
]

Source	Link
lgsecurity	www.lgsecurity.lge.com/bulletins/tv
bitdefender	www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

07 Feb 2025 18:39Current

7High risk

Vulners AI Score7

CVSS 3.17.2 - 9.8

EPSS0.00097

SSVC

CWE-639