Lucene search
+L

7 matches found

NVD
NVD
added 2024/04/09 2:15 p.m.21 views

CVE-2023-6319

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to...

9.1CVSS9.3AI score0.06437EPSS
Exploits2References2
NVD
NVD
added 2024/04/09 2:15 p.m.19 views

CVE-2023-6317

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51...

9.8CVSS7AI score0.01078EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/09 1:42 p.m.28 views

CVE-2023-6319 Command injection in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to...

9.1CVSS9.5AI score0.06437EPSS
Exploits2References2
CVE
CVE
added 2024/04/09 1:42 p.m.104 views

CVE-2023-6319

CVE-2023-6319 affects LG webOS: a command injection in getAudioMetadata of the com.webos.service.attachedstoragemanager. Affected webOS versions include 4.9.7–5.30.40, 5.5.0–04.50.51, 6.3.3-442–03.36.50, and 7.3.1-43–03.33.85. The vulnerability allows an attacker to execute commands as root via s...

9.1CVSS9.3AI score0.06437EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/09 1:41 p.m.9 views

CVE-2023-6317 PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51...

7.2CVSS7.2AI score0.01078EPSS
Exploits1References2
CVE
CVE
added 2024/04/09 1:41 p.m.87 views

CVE-2023-6317

CVE-2023-6317 describes a prompt bypass in webOS secondscreen.gateway that lets an attacker create a privileged account without user PIN on affected webOS versions. Affected: webOS 4.9.7–5.30.40, 5.5.0–04.50.51, 6.3.3-442 (kisscurl-kinglake)–03.36.50, 7.3.1-43 (mullet-mebin)–03.33.85. Root cause:...

9.8CVSS7AI score0.01078EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/04/09 1:41 p.m.24 views

CVE-2023-6317 PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51...

7.2CVSS7.2AI score0.01078EPSS
Exploits1References2
Rows per page
Query Builder