CVE-2023-6319

Name of the Vulnerable Software and Affected Versions LG WebOS versions 4 through 7

Description A command injection issue exists in the getAudioMetadata method of the com.webos.service.attachedstoragemanager service. Exploitation involves sending specially crafted requests, potentially allowing a remote attacker to execute arbitrary commands as the root user. The vulnerability requires authenticated requests to trigger it.

Recommendations webOS versions 4.9.7 through 5.30.40: At the moment, there is no information about a newer version that contains a fix for this vulnerability. webOS versions 5.5.0 through 04.50.51: At the moment, there is no information about a newer version that contains a fix for this vulnerability. webOS versions 6.3.3-442 through 03.36.50: At the moment, there is no information about a newer version that contains a fix for this vulnerability. webOS versions 7.3.1-43 through 03.33.85: At the moment, there is no information about a newer version that contains a fix for this vulnerability.