Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry. The company, the success...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Linux Linux_Kernel

Chronomaly — CVE-2025-38352 on LG webOS Kernel exploit for C...

Millions of Android Powered TVs and Streaming Devices Infected by Kimwolf Botnet

Synthient discovers over 2 million Android TV boxes and smart TVs hijacked by the Kimwolf botnet. Learn how hackers are using home devices to launch DDoS attacks and how you can protect your home network...

CVE-2025-55972

CVE-2025-55972 affects TCL Smart TVs with a vulnerable UPnP/DLNA MediaRenderer implementation. The issue arises when an attacker sends a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoint, enabling a remote, unauthenticated Denial of Service. The device b...

Exploit for OS Command Injection in Lg Webos

Root my webOS TV A simple python script that starts a telnet...

The vulnerability of microprogrammed software in ZTE ZXvSTB TV devices, related to deficiencies in access control, allows attackers to delete arbitrary data.

The vulnerability of the microprogramming software in ZTE ZXvSTB TVs is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to delete arbitrary data remotely...

CVE-2022-23727

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege...

CVE-2022-23727

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege...

PT-2022-16231 · Lg · Webos Tv

Name of the Vulnerable Software and Affected Versions: webOS TVs affected versions not specified Description: The issue is related to a privilege escalation vulnerability in webOS TVs, where a local attacker can exploit wrong setting environments to obtain higher privileges. This can be achieved ...

CVE-2021-27944

Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload...

Vizio P65-F1 命令注入漏洞

The Vizio P65-F1 is a display from Vizio, Inc. A command injection vulnerability exists in multiple Vizio products that stems from the product's multiple highly privileged APIs that do not validate the user's identity. The vulnerability allows an attacker to access privileged functionality and...

CVE-2021-27942

Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed...

CVE-2021-27943

The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack against only 10000 possibilities, allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and...

A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass

Overview SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. are liquid crystal televisions. SCT-40CM01SR and AT-40CM01SR contain an authentication bypass vulnerability CWE-287. Shinnosuke Tokusho reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

JVN#21636825: A-Stage SCT-40CM01SR and AT-40CM01SR vulnerable to authentication bypass

SCT-40CM01SR and AT-40CM01SR provided by A-Stage Inc. are liquid crystal televisions. SCT-40CM01SR and AT-40CM01SR contain an authentication bypass vulnerability CWE-287. Impact An attacker who can access the device may log in via telnet without authentication and execute an arbitrary command...

Multiple Samsung Products Security Vulnerabilities

Samsung mobile devices O are products of Samsung Corporation in South Korea.Samsung mobile devices O is a series of cell phones.Samsung mobile devices P is a series of mobile hard drives.Samsung mobile devices Q is a series of TVs.Samsung mobile devices Q is a series of TVs. Samsung mobile device...

CVE-2020-27403

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 tha...

Tracking by Smart TVs

Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers...

Sony BRAVIA Smart TVs Denial of Service Vulnerability

Sony BRAVIA Smart TVs is a smart TV from Sony Japan. A security vulnerability exists in Sony BRAVIA Smart TVs. The vulnerability can be exploited by an attacker to cause the TV to become stuck, unresponsive, crash the program, and cause the TV to reboot...

Sony Smart TVs Information Disclosure Vulnerability

Sony Smart Tvs are smart TV products from Sony Japan. A log information disclosure vulnerability exists in Sony Smart Tvs. The vulnerability originates from the abnormal output of log files from a networked system or product. An attacker could exploit this vulnerability to obtain sensitive...