- Description
- A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB
- Source
- cve-requests@bitdefender.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- cve-requests@bitdefender.com
- CWE-78
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lg:webos:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60222A18-12F9-4A88-8F06-FB7C5EC8B453"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lg:oled55cxpua:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8735748A-192A-4CBD-A596-1604940B9F3D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lg:webos:6.3.3-442:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5BAD119-46CA-4E42-9976-CE33CBBFE00A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lg:oled48c1pub:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6CD5B994-8D07-49D5-967C-9C7DFD9DABFD"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]