CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-6320

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 83.8%

CVSS Severity

CVSS v3 Score 9.1

References

https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
https://lgsecurity.lge.com/bulletins/tv#updateDetails
https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
https://lgsecurity.lge.com/bulletins/tv#updateDetails

Products affected by CVE-2023-6320

Lg » Oled48c1pub » Version: N/A

cpe:2.3:h:lg:oled48c1pub:-
Lg » Oled55cxpua » Version: N/A

cpe:2.3:h:lg:oled55cxpua:-
Lg » Webos » Version: 5.5.0

cpe:2.3:o:lg:webos:5.5.0
Lg » Webos » Version: 6.3.3-442

cpe:2.3:o:lg:webos:6.3.3-442

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6320

Products

Pricing

Contact Us