A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability.
Full versions and TV models affected:
* webOS 5.5.0 - 04.50.51 running on OLED55CXPUAÂ
* webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Bitdefender
Published: 2024-04-09T13:43:35.166Z
Updated: 2024-06-20T15:40:09.500Z
Reserved: 2023-11-27T14:22:32.470Z
Link: CVE-2023-6320
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-09T14:15:08.287
Modified: 2024-04-18T08:15:37.953
Link: CVE-2023-6320
JSON object: View
Redhat Information
No data.
CWE