CVE-2023-6319 Information

Description

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS versions 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.

webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA 

webOS 5.5.0 - 04.50.51 running on OLED55CXPUA 

webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB 

webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA

Reference

https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/