Alexandru Lazăr

**Name of the Vulnerable Software and Affected Versions** LG WebOS versions 5 through 7 LG WebOS versions 5.5.0 through 6.3.3-442 LG WebOS version 7.3.1-43 **Description** A command injection issue exists in the `processAnalyticsReport()` method of the `com.webos.service.cloudupload` service. This allows a remote attacker to execute arbitrary commands as the root user by sending specially crafted requests. The vulnerability stems from a failure to neutralize special elements used in operating system commands. Additionally, command injection flaws exist in the `getAudioMetadata()` method of the `com.webos.service.attachedstoragemanager` service and the `tv/setVlanStaticAddress` service of `com.webos.service.connectionmanager`. Exploitation of these vulnerabilities can allow a remote attacker to execute arbitrary commands, either as the root user or as the `dbus` user, through crafted requests. A vulnerability also exists in the `secondscreen.gateway` service related to bypassing the authorization mechanism by modifying variable settings, potentially allowing a remote attacker to create a privileged user account. **Recommendations** For webOS versions prior to 5.5.0, apply the necessary updates to address the vulnerability. For webOS version 5.5.0 through 6.3.3-442, apply the necessary updates to address the vulnerability. For webOS version 7.3.1-43, apply the necessary updates to address the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LG WebOS versions 4 through 7 **Description** A command injection issue exists in the `getAudioMetadata` method of the `com.webos.service.attachedstoragemanager` service. Exploitation involves sending specially crafted requests, potentially allowing a remote attacker to execute arbitrary commands as the root user. The vulnerability requires authenticated requests to trigger it. **Recommendations** webOS versions 4.9.7 through 5.30.40: At the moment, there is no information about a newer version that contains a fix for this vulnerability. webOS versions 5.5.0 through 04.50.51: At the moment, there is no information about a newer version that contains a fix for this vulnerability. webOS versions 6.3.3-442 through 03.36.50: At the moment, there is no information about a newer version that contains a fix for this vulnerability. webOS versions 7.3.1-43 through 03.33.85: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webOS versions 5 and 6 webOS versions 5.5.0 - 04.50.51 webOS version 6.3.3-442 **Description** A command injection vulnerability exists in the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint. This vulnerability can be triggered by a series of specially crafted requests, leading to command execution as the dbus user. An attacker can make authenticated requests to exploit this issue. **Recommendations** For webOS versions 5 and 6, consider disabling access to the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint until a patch is available. For webOS versions 5.5.0 - 04.50.51, restrict access to the vulnerable endpoint to minimize the risk of exploitation. For webOS version 6.3.3-442, avoid using the vulnerable endpoint in the affected API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webOS versions 4 through 7 **Description** A prompt bypass exists in the secondscreen.gateway service running on webOS, allowing an attacker to create a privileged account without asking the user for the security PIN. This issue is related to the modification of setting variables, which can be exploited by a remote attacker. **Recommendations** For webOS versions 4 through 7, consider disabling the secondscreen.gateway service as a temporary workaround until a patch is available. Restrict access to the vulnerable service to minimize the risk of exploitation. Avoid using the LG ThinkQ app to create new user profiles until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.