Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices.
The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on LG TVs.
“WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by the LG ThinkQ smartphone app to control the TV. To set up the app, the user must enter a PIN code into the display on the TV screen.” reads the advisory. “An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile.”