CVE-2021-27942

Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed...

CVE-2021-27943

The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack against only 10000 possibilities, allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and...

EUVD-2021-14660

Malware in sbrugna...

EUVD-2015-5675

Malware in sbrugna...

LG webOS Security Vulnerability

LG webOS is a Linux kernel-based operating system for Smart TVs from the South Korean company LG. A security vulnerability exists in LG webOS. An attacker could exploit this vulnerability to execute arbitrary code...

This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide

A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. "The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages,...

Smart TV adverts put a wrinkle in your programming

Smart TVs are back in the news due to the potential pitfalls of embedded advertising. It may come as a surprise to some, but these devices aren’t particularly new. As far back as 2013, security researchers were already exploring the issues related to internet connected televisions in a home...

CVE-2021-27944

Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload...

CVE-2021-27944

Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload...

CVE-2021-27944

CVE-2021-27944 affects Vizio P65-F1 (firmware 6.0.31.4-2) and E50x-E1 (firmware 10.0.31.4-2). Unauthenticated access to multiple high‑privilege APIs allows privileged functionality use via a file upload, resulting in OS command execution. Root cause: lack of access controls on these APIs. Public ...

CVE-2021-27942

Summary: CVE-2021-27942 affects Vizio P65-F1 (6.0.31.4-2) and E50x-E1 (10.0.31.4-2) smart TVs. The issue allows arbitrary code execution from a USB drive via the Smart Cast feature because files on the USB drive are effectively under the web root and can be executed. Affected components: USB medi...

Code injection

The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack against only 10000 possibilities, allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and...

CVE-2021-27943

The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack against only 10000 possibilities, allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and...

Smart TVs make screenshots every second & send them to the server

By David Balaban There are a lot of unexpansive smart TVs on the market. Have you ever thought about why they got so cheap? This is a post from HackRead.com Read the original post: Smart TVs make screenshots every second & send them to the server...

Smart TVs: The Cyberthreat Lurking in Your Living Room, Feds Warn

Black Friday and Cyber Monday sales of smart TVs are likely prodigious this Thanksgiving weekend – but consumers need to be aware of the hole they can punch in home cyber-defenses. That’s the word from the FBI, which warned that smart TVs, which hook up to the internet to allow users to access ap...

Pwn2Own Tokyo Roundup: Amazon Echo, Routers and Smart TVs Fall to Hackers

Another Pwn2Own has drawn to a close, with Team Fluoroacetate researchers Amat Cama and Richard Zhu taking home the Master of Pwn title for the third year in a row. Overall, contestants in the Tokyo 2019 event earned more than $315,000 over the two-day hacking contest, for uncovering 18 different...

Tracking by Smart TVs

Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers...

Smart TVs, Subscription Services Leak Data to Facebook, Google

Smart TVs and so-called “over the top” OTT platforms are the latest IoT devices found “spying” on users and leaking sensitive data to companies such as Facebook, Amazon, Google and Netflix, according to two separate studies conducted by university researchers as well as independent research done ...

Samsung asks users to scan their Smart TVs for malware – Here’s how to

By Waqas Samsung tweeted and then deleted that tweet stating that users should scan their Smart TVs for malware “every few weeks.” Smart devices are vulnerable to all sorts of digital threats, and this is not a hidden reality as we often hear about internet connected devices getting hacked or...

Android-Based Sony Smart-TVs Open to Image Pilfering

Two vulnerabilities in Android-based smart-TVs from Sony, including the flagship Bravia line, could allow attackers to access WiFi passwords and images stored on the devices. The bugs exist in the Photo Sharing Plus feature of Sony smart-TVs going back to 2015. They were uncovered by xen1thLabs i...