Login Sign Up

CVE-2023-6320

9.1 CRITICAL
Remote Code Execution

📋 TL;DR

This CVE describes a command injection vulnerability in LG webOS TVs that allows authenticated attackers to execute arbitrary commands as the dbus user. The vulnerability affects specific webOS versions 5 and 6 running on certain LG OLED TV models. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • LG OLED55CXPUA
  • LG OLED48C1PUB
Versions: webOS 5.5.0 - 04.50.51 and webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50
Operating Systems: webOS 5, webOS 6
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the vulnerable endpoint. Only specific TV models with exact firmware versions listed are affected.

📦 What is this software?

Webos by Lg

View all CVEs affecting Webos →

Webos by Lg

View all CVEs affecting Webos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attacker to install persistent malware, steal sensitive data, pivot to other network devices, or render the TV inoperable.

🟠

Likely Case

Local network attacker gains shell access to TV, installs backdoors, modifies system settings, or uses TV as foothold for further network attacks.

🟢

If Mitigated

Attack limited to authenticated users only, preventing external internet-based attacks but still vulnerable to compromised local network devices.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and specific knowledge of the vulnerable endpoint. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check LG security bulletins for latest patched versions

Vendor Advisory: https://lgsecurity.lge.com/bulletins/tv#updateDetails

Restart Required: Yes

Instructions:

1. Navigate to TV Settings > All Settings > General > About This TV > Check for Updates. 2. Install any available updates. 3. Restart TV after update completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate smart TVs on separate VLAN or network segment to limit attack surface

Disable Unnecessary Services

all

Disable remote management and developer mode if not needed

🧯 If You Can't Patch

  • Segment TV network from critical systems and implement strict firewall rules
  • Monitor network traffic to/from TV for suspicious patterns and implement IDS/IPS rules

🔍 How to Verify

Check if Vulnerable:

Check TV firmware version in Settings > All Settings > General > About This TV > Software Version

Check Version:

Not applicable - check via TV settings interface

Verify Fix Applied:

Verify firmware version is newer than affected versions listed in CVE

📡 Detection & Monitoring

Log Indicators:

  • Unusual dbus activity
  • Failed authentication attempts to TV management interface
  • Suspicious process execution

Network Indicators:

  • Unusual outbound connections from TV
  • Traffic to TV on management ports from unexpected sources
  • HTTP requests to /tv/setVlanStaticAddress endpoint

SIEM Query:

source_ip IN (TV_IP_RANGE) AND (http_uri CONTAINS 'setVlanStaticAddress' OR process_name CONTAINS 'dbus')

📊 Metadata

CVE ID: CVE-2023-6320
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-78
Published: April 9, 2024
Last Updated: February 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6320, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)