194 matches found
CVE-2023-6320
CVE-2023-6320: A command injection vulnerability affects webOS 5.x and 6.x, specifically the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint. The root cause is a command execution path that can be triggered by a sequence of authenticated requests, allowing execution as the db...
CVE-2023-6320 Command injection in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this...
CVE-2023-6319 Command injection in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS versions 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to...
CVE-2023-6319
CVE-2023-6319 affects LG webOS: a command injection in getAudioMetadata of the com.webos.service.attachedstoragemanager. Affected webOS versions include 4.9.7–5.30.40, 5.5.0–04.50.51, 6.3.3-442–03.36.50, and 7.3.1-43–03.33.85. The vulnerability allows an attacker to execute commands as root via s...
CVE-2023-6318 Command injection in the processAnalyticsReport method from the com.webos.service.cloudupload service
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS versions 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...
CVE-2023-6318
LG webOS versions 5 through 7 are affected by a command injection in the processAnalyticsReport method of the com.webos.service.cloudupload service, enabling root-level code execution via specially crafted authenticated requests. Affected versions listed include webOS 5.5.0 – 04.50.51, 6.3.3-442,...
CVE-2023-6317
CVE-2023-6317 describes a prompt bypass in webOS secondscreen.gateway that lets an attacker create a privileged account without user PIN on affected webOS versions. Affected: webOS 4.9.7–5.30.40, 5.5.0–04.50.51, 6.3.3-442 (kisscurl-kinglake)–03.36.50, 7.3.1-43 (mullet-mebin)–03.33.85. Root cause:...
CVE-2023-6317 PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction
A prompt bypass exists in the secondscreen.gateway service running on webOS versions 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA; webOS 5.5.0 - 04.50.51...
91,000 Smart LG TV Devices Vulnerable to Remote Takeover
By Waqas. LG TVs vulnerable! Update now to block hackers from taking control & stealing data. webOS 4-7. Millions at risk! This is a post from HackRead.com.
Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in Novemb...
LG webOS Security Vulnerability
LG webOS is a Linux kernel-based smart TV operating system from LG, a South Korean company. A security vulnerability exists in LG webOS that originates from a command injection vulnerability in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint. Affected products and...
LG webOS Security Vulnerability
LG webOS is a Linux kernel-based smart TV operating system from South Korea's LG. A security vulnerability exists in LG webOS that originates from a prompt bypass in the secondscreen.gateway service. An attacker can exploit the vulnerability to create a privileged account without asking the...
LG webOS OS Command Injection Vulnerability
LG webOS is a Linux kernel-based smart TV operating system from LG Corporation in South Korea. An OS command injection vulnerability exists in LG webOS, which stems from an OS command injection vulnerability in the processAnalyticsReport method of the com.webos.service.cloudupload service. Affect...
LG webOS OS Command Injection Vulnerability
LG webOS is a Linux kernel-based smart TV operating system from LG Corporation in South Korea. An OS command injection vulnerability exists in LG webOS, which originates from an OS command injection vulnerability in the getAudioMetadata method of the com.webos.service.attachedstoragemanager...
CVE-2024-1885
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage...
CVE-2024-1886
This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage...