Webos Security Vulnerabilities and Issues — Webos CVE List

Lucene search

LgWebos

8 matches found

CVE•added 2022/03/11 6:15 p.m.•730 views

CVE-2022-23730

The public API error causes for the attacker to be able to bypass API access control.

9.8CVSS9.3AI score0.00408EPSS

CVE•added 2022/03/11 6:15 p.m.•134 views

CVE-2022-23731

V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.

7.8CVSS7.8AI score0.00864EPSS

CVE•added 2022/01/28 8:15 p.m.•98 views

CVE-2022-23727

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege

7.8CVSS7.5AI score0.00134EPSS

CVE•added 2024/04/09 2:15 p.m.•80 views

CVE-2023-6319

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigg...

9.1CVSS9.3AI score0.06952EPSS

CVE•added 2020/03/23 4:15 p.m.•79 views

CVE-2020-9759

A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files.

9.3CVSS6.8AI score0.00157EPSS

CVE•added 2024/04/09 2:15 p.m.•67 views

CVE-2023-6320

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerab...

9.1CVSS9.3AI score0.00334EPSS

CVE•added 2024/04/09 2:15 p.m.•60 views

CVE-2023-6317

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLAwebOS 5.5.0 - 04.50.51 runni...

9.8CVSS7AI score0.00075EPSS

CVE•added 2024/04/09 2:15 p.m.•59 views

CVE-2023-6318

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger th...

9.1CVSS9.4AI score0.00334EPSS