CVE-2023-6317

Name of the Vulnerable Software and Affected Versions webOS versions 4 through 7

Description A prompt bypass exists in the secondscreen.gateway service running on webOS, allowing an attacker to create a privileged account without asking the user for the security PIN. This issue is related to the modification of setting variables, which can be exploited by a remote attacker.

Recommendations For webOS versions 4 through 7, consider disabling the secondscreen.gateway service as a temporary workaround until a patch is available. Restrict access to the vulnerable service to minimize the risk of exploitation. Avoid using the LG ThinkQ app to create new user profiles until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.