Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lg webos vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-23727
There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the malicious user to obtain a higher privilege
Lg Webos
1 Github repository
7.8
CVSSv3
CVE-2020-9759
A Vulnerability of LG Electronic web OS TV Emulator could allow an malicious user to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and execu...
Lg Webos -
9.8
CVSSv3
CVE-2022-23730
The public API error causes for the malicious user to be able to bypass API access control.
Lg Webos
7.8
CVSSv3
CVE-2022-23731
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models.
Lg Webos
2 Github repositories
NA
CVE-2023-6317
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 up to and including 7. An attacker can create a privileged account without asking the user for the security PIN. Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000...
2 Articles
NA
CVE-2023-6319
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 up to and including 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make ...
1 Github repository
1 Article
NA
CVE-2023-6318
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 up to and including 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authe...
1 Article
NA
CVE-2023-6320
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to tr...
1 Article
NA
CVE-2024-1885
This vulnerability allows remote malicious users to execute arbitrary code on the affected webOS of LG Signage.
NA
CVE-2024-1886
This vulnerability allows remote malicious users to traverse the directory on the affected webOS of LG Signage.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started