CVE-2023-43481

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary JavaScript code in the TCL Browser TV Web BrowseHere application. Attackers can exploit a component called BrowsePageActivity to run malicious code on affected devices. This affects users of TCL smart TVs running the vulnerable browser version.

💻 Affected Systems

Products:
  • Shenzhen TCL Browser TV Web BrowseHere (com.tcl.browser)
Versions: 6.65.022_dab24cc6_231221_gp
Operating Systems: Android-based TCL TV OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects TCL smart TVs with the vulnerable browser version installed. The vulnerability is in a specific activity component that handles web browsing.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the TV system, allowing attackers to install malware, steal credentials, access connected devices on the network, and potentially gain persistent access to the home network.

🟠 Likely Case

Attackers execute malicious JavaScript to steal user data, redirect to phishing sites, or use the TV as part of a botnet for DDoS attacks or cryptocurrency mining.

🟢 If Mitigated

With proper network segmentation and security controls, impact is limited to the TV device itself without lateral movement to other network resources.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows remote code execution via JavaScript injection, making exploitation relatively straightforward for attackers with network access to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for browser updates in the TV's app store.
2. If no update is available, disable or uninstall the TCL Browser app.
3. Use alternative browsers like Chrome or Firefox for TV if available.

🔧 Temporary Workarounds

Disable TCL Browser

android

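Remove or disable the vulnerable browser application to prevent exploitation. The first command disables the package for user 0; the second uninstalls it for user 0 while keeping its data and cache (-k). Either one is enough.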

adb shell pm disable-user --user 0 com.tcl.browser
adb shell pm uninstall -k --user 0 com.tcl.browser

Network Segmentation

all

Isolate smart TVs on a separate VLAN to limit potential lateral movement

🧯 If You Can't Patch

  • Disconnect TV from internet and use only as a display device
  • Implement strict firewall rules to block all inbound traffic to the TV except essential services

🔍 How to Verify

Check if Vulnerable:

Check browser version in TV settings: Settings > Apps > TCL Browser > App info

Check Version:

adb shell dumpsys package com.tcl.browser | grep versionName

Verify Fix Applied:

Verify browser is either updated to a newer version or completely removed from the device
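
The version and removal checks above can be combined into one classifier over the `dumpsys` output. This is an added example, not code from the vendor or the advisory; the verdict names are its own, and it assumes the `User 0:` line carries `installed=` and `enabled=` fields as on stock Android builds (the sample dump is constructed).

```shell
#!/bin/sh
# Added example: classify `dumpsys package com.tcl.browser` output offline.
AFFECTED_VERSION="6.65.022_dab24cc6_231221_gp"   # version listed in the advisory

# Reads dumpsys text on stdin and prints one verdict (names are this example's
# own): not-installed | removed-for-user0 | disabled | vulnerable | other-version
classify_tcl_browser() {
    dump=$(tr -d '\r')        # older adb builds emit CRLF line endings
    version=$(printf '%s\n' "$dump" | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1)
    user0=$(printf '%s\n' "$dump" | grep -E '^[[:space:]]*User 0:' | head -n 1)

    if [ -z "$version" ]; then
        echo "not-installed"; return 0
    fi
    # Assumed field layout: enabled=2 (disabled) and enabled=3 (disabled-user).
    case "$user0 " in
        *" installed=false "*) echo "removed-for-user0"; return 0 ;;
        *" enabled=2 "*|*" enabled=3 "*) echo "disabled"; return 0 ;;
    esac
    if [ "$version" = "$AFFECTED_VERSION" ]; then
        echo "vulnerable"
    else
        echo "other-version"   # no patched version is listed, so this is not proof of a fix
    fi
}

# Constructed sample of the relevant dumpsys lines (not captured from a device).
SAMPLE_DUMP='Packages:
  Package [com.tcl.browser] (0000000):
    versionCode=1 minSdk=21 targetSdk=30
    versionName=6.65.022_dab24cc6_231221_gp
    User 0: ceDataInode=-1 installed=true hidden=false stopped=false enabled=0 instant=false'

printf 'sample verdict: %s\n' "$(printf '%s\n' "$SAMPLE_DUMP" | classify_tcl_browser)"
# On a real device: adb shell dumpsys package com.tcl.browser | classify_tcl_browser
```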

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript execution in browser logs
  • Unexpected network connections from TV to external IPs
  • Browser crash logs with malicious payload indicators

Network Indicators:

  • HTTP requests with JavaScript payloads to TV IP
  • Unusual outbound traffic from TV to command and control servers

SIEM Query:

source="tv_logs" AND ("com.tcl.browser" OR "BrowsePageActivity") AND ("javascript:" OR "eval(" OR suspicious_js_patterns)
