CVE-2023-6320

Name of the Vulnerable Software and Affected Versions webOS versions 5 and 6 webOS versions 5.5.0 - 04.50.51 webOS version 6.3.3-442

Description A command injection vulnerability exists in the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint. This vulnerability can be triggered by a series of specially crafted requests, leading to command execution as the dbus user. An attacker can make authenticated requests to exploit this issue.

Recommendations For webOS versions 5 and 6, consider disabling access to the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint until a patch is available. For webOS versions 5.5.0 - 04.50.51, restrict access to the vulnerable endpoint to minimize the risk of exploitation. For webOS version 6.3.3-442, avoid using the vulnerable endpoint in the affected API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.