Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command injection in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint
Vulnerability Description
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
LG webOS 安全漏洞
Vulnerability Description
LG webOS是韩国乐金(LG)公司的一个基于 Linux 内核的智能电视操作系统。 LG webOS 存在安全漏洞,该漏洞源于om.webos.service.connectionmanager/tv/setVlasticAddress端点中存在命令注入漏洞。受影响的产品和版本:webOS 5.5.0至04.50.51版本,6.3.3-442 (kisscurl-kinglake)至03.36.50版本。
CVSS Information
N/A
Vulnerability Type
N/A