Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.

The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.

The vulnerabilities are tracked from CVE-2023-6317 through CVE-2023-6320.

A brief description of the shortcomings is as follows –

CVE-2023-6317 – A vulnerability that allows an attacker to bypass PIN verification and add a privileged user profile to the TV set without requiring user interaction

CVE-2023-6318 – A vulnerability that allows the attacker to elevate their privileges and gain root access to take control of the device

CVE-2023-6319 – A vulnerability that allows operating system command injection by manipulating a library named asm responsible for showing music lyrics

CVE-2023-6320 – A vulnerability that allows for the injection of authenticated commands by manipulating the com.webos.service.connectionmanager/tv/setVlanStaticAddress API endpoint

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project’s scope
  • You get an all-inclusive, no engagement proposal
This field is for validation purposes and should be left unchanged.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)



Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.
This site is registered on as a development site. Switch to a production site key to remove this banner.